You've taken the crucial first step. You've run our Security Level Assessment, and the report is in. If your business landed at a Level 1 — this guide is for you.
If you haven't done the assessment yet, click here to assess your security level now.
Without the right email authentication protocols in place, your business isn't just vulnerable — it's an open invitation for scammers to impersonate your domain. This is the #1 attack vector used against Australian SMBs.
The key to closing this door and progressing to Security Level 3 is a technology called DMARC. In this technical guide, we'll break down exactly what it is, why it matters, and how to fix it.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol with a simple but powerful job: it prevents anyone from sending emails that impersonate your domain.
It works in tandem with two other protocols:
A list of servers and IP addresses that are authorised to send email on behalf of your domain. If an email comes from a server not on this list, SPF fails.
Adds a cryptographic digital signature to your emails, which the receiving server can verify to confirm the message hasn't been tampered with in transit.
DMARC is the final, crucial layer. It tells the receiving server what to do if an email fails the SPF or DKIM checks — quarantine it, reject it, or let it through. Without DMARC, even a perfect SPF and DKIM setup leaves the door open.
Implementing DMARC is the difference between having a security guard at your front door and just hoping nobody tries to walk in.
Curious about your current status? You can perform a quick check right now. We've partnered with Sendmarc to provide an instant check of your email security. Enter your email domain and get an instant result.
Assess Your Email Security Now
Implementing DMARC is a journey, not a single action. It typically starts with a monitoring-only policy and gradually moves to a full enforcement state.
Publish a DMARC record that simply collects data. This allows you to see who is sending email on behalf of your domain before making any enforcement decisions.
Over a few weeks, analyse the reports to identify all the services that legitimately send email for your domain — newsletters, CRMs, support tools — and ensure they are properly authorised.
Once you're confident you've identified all legitimate senders, update your policy to tell receiving servers to send any failing emails to the spam folder rather than the inbox.
This is the final and most secure state. You are now instructing servers worldwide to completely block any email that fails your authentication checks — no exceptions.
Managing this process manually can be complex, time-consuming, and risky. The reports are difficult to parse, and a single mistake can block legitimate emails — causing significant disruption to your business.
This is where a dedicated tool becomes essential. Sendmarc automates the entire DMARC journey, simplifying the analysis and guiding you safely from monitoring to full enforcement. If your assessment revealed a gap in your email security, addressing your DMARC policy is the single most impactful step you can take.
Geeks on Tap and Sendmarc will walk you through your current email security posture and show you the fastest path to full DMARC enforcement. No jargon, no lock-in.
Book a Demo of Sendmarc