In today’s evolving cyber threat landscape, email remains the most exploited attack vector. Business Email Compromise (BEC), phishing, spoofing, and impersonation attacks continue to surge, targeting enterprises, customers, and supply chains alike. As organizations strengthen their perimeter defence’s, securing the email channel has become not just a compliance requirement - but a critical business enabler. This is where DMARC (Domain-based Message Authentication, Reporting & Conformance) plays a pivotal role.

As cyber threats evolve, so too must the tools we use to protect against them. One of the most powerful standards in email security - DMARC (Domain-based Message Authentication, Reporting, and Conformance) - is undergoing a major evolution. The proposed update, known as DMARCbis, is a revised version of the original DMARC standard (RFC 7489), currently working its way through the IETF standardization process.

In today’s digital world, email remains one of the most widely used - and most targeted - communication channels. To combat rising threats like phishing, spoofing, and spam, Microsoft Outlook is rolling out new authentication requirements for high-volume senders (defined as those sending over 5,000 messages per day). These changes aim to create a more trustworthy and secure email ecosystem.

Google has made email branding more accessible for organisations of all sizes by introducing Common Mark Certificates (CMC) as an alternative to Verified Mark Certificates (VMC) for BIMI implementation. This change allows organisations to display their logo in Gmail inboxes without the need for trademark registration, significantly reducing the cost and complexity of enhanced email security.

Setting up a DMARC policy is not a one-time task. To stay safe from threats in the long-run, organizations need to continuously manage their DMARC policy to ensure all domains are covered and properly protected. Just as organizations continuously change and evolve, so must DMARC.

BIMI (Brand Indicators for Message Identification) is a way to quickly show email recipients that emails actually originate from your organization. It allows you to add your brand logo to all outgoing emails so recipients can trust that they come from you and not a malicious third party. 

The requirements of the NIS2 Directive are extensive and address many different aspects of digital security, including email security. For organizations to meet the email security standards set by NIS2, they need a correctly configured DMARC policy.

Implementing a DMARC policy for very small organizations is not too complex. Generally, one just needs to ensure it is implemented correctly for a single domain. However, for larger organizations, with multiple domains and email systems, it is much more complicated.

The default settings of most major email providers have for a long time not been enough to stop email threats from reaching inboxes. But that is now changing with Google and Yahoo's new email security requirements, including the mandatory implementation of DMARC.

A DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy is a key part of organizational email security. It prevents email threats from reaching your employees and users, and it is now a requirement by major email providers like Gmail and Yahoo.