Understanding email authentication: Protecting your domain from scammers
What's the problem?
Scammers love to impersonate trusted businesses to trick people into clicking malicious links, sharing passwords, or sending money. One of their favourite tricks is sending fake emails that appear to come from your domain - making it look like you or your team sent them.
This is called email spoofing, and it's easier to do than you might think. Without proper protections in place, scammers can send emails that look like they're from yourcompany.com, damaging your reputation and putting your clients at risk.
How do we stop them?
There are three main technologies that work together to authenticate your emails and prevent scammers from impersonating your domain:
SPF (Sender Policy Framework)
Think of SPF as a guest list for your domain. You create a list of mail servers that are allowed to send emails on behalf of your domain. When someone receives an email claiming to be from you, their email system checks: "Is this server on the approved list?"
If the answer is no, the email can be flagged or rejected.
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to your emails - like a wax seal on an envelope. This signature proves the email actually came from your domain and hasn't been tampered with during delivery.
When the recipient's email system receives your email, it checks this signature to verify authenticity.
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC is where it all comes together. It builds on SPF and DKIM by telling recipient email systems what to do when an email fails authentication checks.
Should the email be delivered anyway? Sent to spam? Rejected completely?
But here's the best part: DMARC also sends you reports showing who is sending emails from your domain. This means you can see both your legitimate emails AND any impersonation attempts by scammers.
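To show what those reports contain, here is an added example (not part of the original article, and not the provider's own tooling) that reads a DMARC aggregate report in the RFC 7489 XML layout and separates sources that passed authentication from those that failed. The report contents, IP addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate report layout (not real data).
# IPs are documentation ranges; yourcompany.com is the article's placeholder.
def _record(ip, count, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row><identifiers>"
            f"<header_from>yourcompany.com</header_from></identifiers></record>")

SAMPLE_REPORT = (
    "<feedback><report_metadata><org_name>receiver.example</org_name>"
    "</report_metadata><policy_published><domain>yourcompany.com</domain>"
    "<p>none</p></policy_published>"
    + _record("192.0.2.10", 120, "pass", "pass")    # authorised mail server
    + _record("203.0.113.5", 8, "pass", "fail")     # DKIM alone is enough
    + _record("198.51.100.7", 45, "fail", "fail")   # unknown sender
    + "</feedback>")

def summarise(report_xml):
    """Return (published policy, {source_ip: {"pass": n, "fail": n}})."""
    # Real reports come from third parties: parse them with a hardened XML
    # parser (for example defusedxml) rather than trusting the input.
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p")
    sources = defaultdict(lambda: {"pass": 0, "fail": 0})
    for rec in root.iter("record"):
        row = rec.find("row")
        count = int(row.findtext("count", "0"))
        results = (row.findtext("policy_evaluated/dkim"),
                   row.findtext("policy_evaluated/spf"))
        # DMARC passes when either the DKIM or the SPF evaluation passes.
        outcome = "pass" if "pass" in results else "fail"
        sources[row.findtext("source_ip")][outcome] += count
    return policy, dict(sources)

def unauthenticated_sources(sources):
    """Sources with no passing mail: impersonation, or a tool not yet set up."""
    failing = [(ip, s["fail"]) for ip, s in sources.items() if s["pass"] == 0]
    return sorted(failing, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    policy, sources = summarise(SAMPLE_REPORT)
    print("published policy:", policy)
    for ip, count in unauthenticated_sources(sources):
        print(f"{ip}: {count} messages failed DMARC")
```

A source that appears only in the failing list is either an impersonation attempt or a legitimate sending tool that has not yet been added to SPF and DKIM, which is why each one needs reviewing before the policy is tightened.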
Why does this matter for your business?
Protection from scammers: Without these protections, scammers can easily impersonate your domain to phish your clients, partners, or employees.
Better email deliverability: Email providers like Gmail, Outlook, and Yahoo prioritise authenticated emails. Proper authentication means your legitimate emails are more likely to land in the inbox instead of spam.
Visibility: DMARC reports show you exactly how your domain is being used - both the good and the bad. This helps you spot issues before they become problems.
Trust: When your emails are properly authenticated, recipients can trust they're actually from you.
What we do for you
Our email monitoring solution:
- Sets up and manages SPF, DKIM, and DMARC for your domains
- Collects and analyses DMARC reports from email providers
- Alerts you to any suspicious activity or authentication issues
- Ensures your legitimate email systems are properly authenticated
- Gradually increases security levels to block scammers while protecting deliverability
Whether you actively send emails from a domain or simply want to protect it from being misused, we've got you covered.
What you need to do
If you haven't already, sign up for this service here: Email delivery & Brand reputation management
If you are already subscribed, let us know whenever you start sending email from a new tool (like a new CRM, email marketing platform, or service). We'll ensure it's properly authenticated so your emails are delivered successfully. You can reach out via chat or book a meeting with us anytime here.
That's it! We handle the technical complexity so you can focus on your business while staying protected from email scammers.
Additional Resources from Government Cyber Security Agencies
And it's not just us saying this is good governance! Read how governments are also helping to protect you from scammers:
https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing/