DMARC monitoring for accountants
Weekly plain-English monitoring that shows your firm every attempt to use its email identity - through payroll runs, tax deadlines and everything between.
Start your free health checkUK data · UK servers·UK GDPR compliant·ICO registered·Professionally insured·Cyber Essentials in progressRegulatory alignment - ICAEW and HMRC agent guidance
ICAEW and ACCA guidance highlights email security as a key risk area for accountancy practices, particularly given HMRC agent account compromise and client payroll fraud. DMARC monitoring provides a documented audit trail of your domain's email authentication posture, useful for professional indemnity renewals and practice reviews. Source: ICAEW cyber security guidance
The risk: a domain worth impersonating
Few businesses send emails that get acted on as readily as an accountant's. "Please pay this VAT bill by Friday." "Here are the updated payroll figures." "HMRC requires this by the 31st." Clients comply - that's the relationship. A criminal who can send email as your domain inherits that compliance, and the calendar tells them exactly when to strike: self-assessment season, VAT quarters, payroll cut-offs.
The scale of email impersonation around tax is well documented at the top: criminals sent roughly 500 million emails spoofing HMRC's own domain in 2015, before HMRC's DMARC enforcement cut phishing emails by 300 million in a year. The same technique works against any trusted financial correspondent - including your firm.
Where the professional bodies stands
Neither ICAEW nor ACCA mandates DMARC, and SealedMail won't pretend otherwise. ICAEW folds cyber security into its Code of Ethics - confidentiality and professional competence - and recommends baseline certifications such as Cyber Essentials; ACCA takes a similar guidance-level position. HMRC expects agents to protect their agent accounts and credentials.
The professional framing is straightforward: client confidentiality and competent practice management imply knowing whether your firm's email identity is being abused. DMARC monitoring is how a firm knows.
What a SealedMail report shows an accountancy firm
Every Monday, in plain English: every source that sent email as your domain, whether it authenticated, and what happened to mail that failed. If someone ran a campaign against your clients during the January rush, your report describes it - scale, origin, and whether your current DMARC policy blocked it or only logged it. It also confirms, weekly, that your own legitimate senders - practice management software, payroll platforms, e-signature tools - are authenticating correctly.
When a client's auditor, your PI insurer or a cyber insurance renewal asks how email impersonation risk is managed, the answer is a folder of dated weekly reports.
Why accountancy firms choose SealedMail
Plain English, zero IT overhead. Built for the partner or practice manager who has no time to learn a security dashboard.
One fixed, budgetable cost. £49 per domain, per month - a number that behaves the way accountants like numbers to behave.
A named UK supplier. One expert, directly accountable, with a due-diligence information sheet available for your supplier file.
£49 per domain, per month·No contract - cancel any time·UK-based·Support Mon-Fri 09:00-17:00
Before the next deadline rush
The free health check shows exactly where your domain stands - scored and explained, no obligation.
