Who's Really Sending Email in Your Name?
Anyone can put your domain in the From field of an email. Here is who is really sending mail in your name, and how to stop them.
Email was never designed to verify who actually sent a message, which means anyone can put your domain in the From field. Without protection, criminals send mail in your name and your recipients have no way to tell.
What this short video covers
- Why email lets anyone forge your domain in the From address
- How domain spoofing powers phishing, invoice fraud and impersonation
- What SPF, DKIM and DMARC each contribute
- Why DMARC has to be enforcing to actually block spoofing
- How reporting shows you exactly who is sending as you
The From address you see on an email is not verified by default, so a criminal can forge your domain and send messages that look entirely genuine to your customers, suppliers and staff. This is the engine behind most business email compromise: a trusted looking message asking to change bank details or approve a payment.
SPF, DKIM and DMARC together fix this. SPF and DKIM establish which mail is legitimately yours, and DMARC tells receivers to reject everything else, once it is set to enforce. The DMARC reports then show you every source sending in your name, so you can authorise the real ones and shut out the impostors.
Start your free health checkSubscribe for £39 per domain, per month