Why DMARC Compliance Is No Longer Optional

In our digitally connected world, email remains a critical pillar of communication for organisations, businesses, and individuals alike. Yet, the same ubiquity that makes email indispensable has made it a prime target for cybercriminals, with phishing, spoofing, and impersonation attacks on the rise. Against this backdrop, DMARC (Domain-based Message Authentication, Reporting and Conformance) stands out as the leading framework to protect domains—and the people who rely on them—from malicious email attacks. Recent announcements from tech giants Google and Microsoft have made it clear: DMARC adoption is no longer optional. The time for action is now. 

What is DMARC?

DMARC is an open email authentication protocol designed to give domain owners control over how unauthenticated messages are handled. By building on the foundations of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), DMARC enables domain owners to specify how emails failing authentication should be treated—whether they are quarantined, rejected, or allowed through. Critically, DMARC also provides reporting, giving organisations visibility into who is sending email on their behalf and whether those messages pass authentication. 

How DMARC Works

  • SPF validates that an email message is sent from an authorised server. 
  • DKIM attaches a cryptographic signature to verify the sender’s identity. 
  • DMARC ties these technologies together, instructing receiving servers what to do if a message fails authentication—and providing feedback via reports. 
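
The receiver-side decision described above, as an added example that is not code from this article or from any mail provider. It goes one step beyond the list by showing alignment with the From: domain as defined in RFC 7489. The domains, records and the two-entry suffix set are constructed, and the sp= and pct= tags are ignored.

```python
# Added example: simplified receiver-side DMARC check (RFC 7489 logic).
# Domains, records and the suffix set are constructed for illustration.
PUBLIC_SUFFIXES = {"com", "co.uk"}  # stand-in for the real Public Suffix List


def org_domain(domain):
    """Organisational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; adkim=s' into tags; None if not a usable policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags


def aligned(auth_domain, from_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): same organisational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_disposition(from_domain, record, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r"))
    # Pass needs SPF or DKIM to both succeed and align with the From: domain;
    # otherwise the domain owner's published policy (p=) is the requested action.
    return "pass" if spf_ok or dkim_ok else policy["p"]


# Constructed case: SPF passes for an unrelated envelope domain, but it does
# not align with the From: domain, so the owner's p=reject applies.
print(dmarc_disposition("example.co.uk", "v=DMARC1; p=reject",
                        ("pass", "bulk.example.com"), ("none", "")))
```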

Why DMARC is Important

Highlighting the importance of DMARC, the UK’s National Cyber Security Centre (NCSC) states, “Implementing DMARC is an essential measure to protect your organisation’s email domain from being misused by attackers for phishing or fraud.”  

Email-based attacks are among the most pervasive threats facing organisations today. Phishing campaigns can lead to financial losses, data breaches, and reputational damage. Spoofed emails impersonating executives or trusted brands can deceive even vigilant recipients. DMARC prevents these threats by making it far more difficult for attackers to send fraudulent email from domains you own. 

Benefits of DMARC: 

  • Prevents unauthorised use of your domain in email communications 
  • Protects customers, partners, and staff from phishing 
  • Preserves brand integrity and trust 
  • Provides actionable reporting for ongoing improvement 
  • Supports regulatory compliance and due diligence 

“DMARC is no longer just an option; it’s a necessity for protecting your organisation’s reputation and ensuring email communications remain secure and trusted” — Sendmarc

Recent Developments: Google and Microsoft Announcements

The urgency for DMARC adoption has reached new heights in light of recent industry announcements. In 2024, Google declared that starting February, all bulk email senders must implement DMARC to ensure their emails reach Gmail inboxes. Microsoft followed in 2025, announcing similar requirements for Outlook and Exchange, underscoring the protocol’s vital role in safeguarding their users. As Microsoft stated in their May 2025 announcement: “These measures will help reduce spoofing, phishing, and spam activity, empowering legitimate senders with stronger brand protection and better deliverability.”

These moves mark a seismic shift in email security standards. No longer can organisations afford to treat DMARC as an “optional extra.” Without DMARC, legitimate emails risk being delivered to spam, or worse—blocked outright. For organisations, non-compliance can mean lost opportunities, damaged customer relationships, and exposure to cyber risk. 

Why Organisations Should Act Now

With deadlines set by two of the world’s largest email providers, the window for proactive DMARC deployment is closing. Organisations need to: 

  • Assess their current email authentication posture 
  • Implement SPF and DKIM for all domains 
  • Publish a DMARC policy that moves progressively from “none” to “reject” as confidence grows 
  • Monitor DMARC reports to identify and address issues 

Acting now ensures a smooth transition and positions your organisation as a leader in security, rather than a laggard at risk of disruption. 
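
One way to work through the monitoring and policy steps above, shown as an added example that is not from this article or any vendor tool. It reads a DMARC aggregate (rua) report, lists the sources that still fail, and suggests whether to take the next step from "none" towards "reject". The sample report and the 98% threshold are constructed assumptions.

```python
# Added example: summarise a DMARC aggregate (rua) report before tightening policy.
# SAMPLE_REPORT is constructed and trimmed to the RFC 7489 fields used here.
# Real reports come from third parties: parse them with a hardened XML parser
# (for example defusedxml) rather than the standard-library one used below.
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.co.uk</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>480</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>15</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>5</count>
  <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
</feedback>"""


def summarise(xml_text):
    """Return (published policy, {source_ip: [pass_count, fail_count]})."""
    root = ET.fromstring(xml_text)
    per_source = {}
    for row in root.iterfind("record/row"):
        results = (row.findtext("policy_evaluated/dkim"),
                   row.findtext("policy_evaluated/spf"))
        # policy_evaluated holds the aligned results: either one passing is a DMARC pass.
        idx = 0 if "pass" in results else 1
        counts = per_source.setdefault(row.findtext("source_ip"), [0, 0])
        counts[idx] += int(row.findtext("count", "0"))
    return root.findtext("policy_published/p"), per_source


def failing_sources(per_source):
    """Sources with DMARC failures, worst first: authorise or investigate each one."""
    bad = [(ip, failed) for ip, (_, failed) in per_source.items() if failed]
    return sorted(bad, key=lambda item: -item[1])


def next_policy(policy, per_source, threshold=0.98):
    """Suggest one step along none -> quarantine -> reject (threshold is an assumption)."""
    steps = ["none", "quarantine", "reject"]
    total = sum(p + f for p, f in per_source.values())
    passed = sum(p for p, _ in per_source.values())
    if policy not in steps or total == 0 or passed / total < threshold:
        return policy
    return steps[min(steps.index(policy) + 1, len(steps) - 1)]
```

A failing source is either a legitimate sender that still needs SPF or DKIM set up for the domain, or mail the domain owner never authorised; only the first kind should hold back the move to a stricter policy.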

Looking Forward: The Future of DMARC and DMARCbis

As cyber threats evolve, so must our defences. DMARC has proven effective, but it is not without limitations. Forward-looking organisations should keep an eye on DMARCbis, the next generation of the protocol currently in development by the Internet Engineering Task Force (IETF). DMARCbis aims to address known pain points such as: 

  • Greater interoperability with third-party services and email forwarding 
  • Improved reporting granularity and usability 
  • Enhanced mechanisms for handling non-conforming messages 

Preparing for DMARCbis means staying abreast of industry developments and being ready to adapt policies and configurations as standards evolve. Investing time now in robust DMARC alignment will simplify future upgrades and keep your security posture strong. 
