The Crucial Role of DMARC in Email Authentication for Accountants

In today’s digital landscape, where email communication is ubiquitous, ensuring the security and authenticity of your messages is paramount. One fundamental aspect of email security that often goes overlooked is Domain-based Message Authentication, Reporting, and Conformance (DMARC). This powerful protocol plays a crucial role in safeguarding your organisation’s email domain against phishing attacks, spoofing, and unauthorised use. In this article, we’ll delve into the importance of setting up DMARC for email authentication and explore how it enhances your organisation’s cybersecurity posture.

What is DMARC?

DMARC is an email authentication protocol that enables domain owners to specify how email messages sent from their domain should be handled by email receivers. It works by leveraging existing email authentication mechanisms—Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)—to authenticate incoming messages. Additionally, DMARC provides domain owners with visibility into email traffic and allows them to specify policies for how unauthenticated messages should be handled, such as monitoring, quarantining, or rejecting them outright.

Why DMARC Matters

  • Combat Phishing and Spoofing: Phishing attacks, where malicious actors impersonate legitimate entities to deceive recipients into divulging sensitive information, remain a pervasive threat. DMARC helps combat these attacks by verifying the authenticity of incoming messages and allowing organisations to take appropriate action against fraudulent emails.
  • Protect Brand Reputation: Unauthorised use of your domain in phishing or spoofing campaigns can tarnish your brand’s reputation and erode customer trust. By implementing DMARC, you establish greater control over your domain’s reputation and safeguard against potential damage to your brand image.
  • Enhance Email Deliverability: DMARC empowers domain owners to set clear policies for handling unauthenticated emails. By specifying actions such as quarantining or rejecting these messages, organisations can improve email deliverability and ensure that only legitimate communications reach recipients’ inboxes.
  • Gain Insights and Visibility: DMARC provides valuable insights into email traffic, including who is sending emails on behalf of your domain and whether authentication mechanisms like SPF and DKIM are properly configured. This visibility allows organisations to detect and mitigate unauthorised usage of their domains effectively.

How to Implement DMARC

Implementing DMARC is like setting up rules for your email domain to protect against phishing and spoofing attacks. Here’s how it works in simpler terms:

  1. Configuring DNS Records: Think of DNS records as the rules you set for your email domain. With DMARC, you publish these rules to specify how email should be handled.
  2. Start with Monitoring: At first, you can set a “monitoring policy” (p=none), which means you’re just watching the email traffic without taking any strict actions. This helps you see who’s sending emails on behalf of your domain.
  3. Move to Enforcement: Once you’re confident about the legitimate senders, you can switch to a stricter “enforcement policy” (p=quarantine or p=reject). This means emails that don’t meet the rules might get quarantined or rejected.
  4. Keep an Eye on Reports: It’s crucial to regularly check DMARC reports, which show you what’s happening with your email traffic. You can then adjust your policies based on these reports to find the right balance between security and making sure your emails get delivered properly.

In layman terms: if you immediately turn on a stricter policy (quarantine/reject) it likely will cause some legitimate emails from you to be rejected and not reach their recipients – which is the opposite of what you want, so make sure you implement it gradually and have someone monitor the success of the policy.


In an era where email threats are increasingly sophisticated and prevalent, implementing robust email authentication measures is imperative for organisations of all sizes. DMARC serves as a powerful tool in the fight against phishing, spoofing, and unauthorised use of your domain, offering enhanced security, brand protection, and email deliverability. By setting up DMARC for email authentication, organisations can fortify their defences, mitigate risks, and maintain trust and credibility in their communications.

For detailed instructions on setting up DMARC for your organisation for your BOMA account please send us a support request and we will take you through the steps required.

Stay secure, stay authenticated.