Email remains one of the most exploited channels for cyberattacks. As cyber threats evolve, so too must the tools we use to protect against them. One of the most powerful standards in email security – DMARC (Domain-based Message Authentication, Reporting, and Conformance) – is undergoing a major evolution. The proposed update, known as DMARCbis, is a revised version of the original DMARC standard (RFC 7489) and is working its way through the IETF standardization process. This deep dive will review the DMARCbis specification from both technical and strategic angles, explain how it improves upon the original DMARC protocol, compare it with other email authentication methods (SPF and DKIM), and discuss what businesses should know as they prepare for this next era of email security.
Disruption beats listing: Why domain takedowns and enforcement stop cybercrime at the source
Phishing and domain-enabled fraud are not “edge cases” in today’s threat landscape - they are a primary entry point. reports that phishing remains the dominant initial intrusion vector in Europe, accounting for 60% of cases in the reporting period covered by the ENISA Threat Landscape 2025. Against that backdrop, most organisations still rely heavily on passive controls: email filtering, URL reputation checks, and third‑party abuse lists. These controls matter - but they do not end the threat. They flag malicious infrastructure; they do not remove it.
Anonymous Domain Registration Is Fuelling Cybercrime - And the Industry Knows It
Phishing, fraud, malware, and brand impersonation do not scale because attackers are especially clever - they scale because the internet makes it cheap and anonymous to stand up new infrastructure. At the centre of that problem sits domain registration. If domains can be registered globally with minimal identity verification, cybercrime will continue to industrialize faster than defenders can respond. This article examines why anonymous registration has become one of the internet’s most powerful abuse enablers - and what would change if registrars worldwide treated identity verification as a security control, not a formality.
Jurisdiction Matters: Why EU Organisations Should Choose European Domain Registrars
Public sector IT leaders, legal officers, and enterprise decision-makers often face a critical question: does it matter where your domain name registrar is based? In an era of strict data protection laws and rising digital sovereignty concerns, the answer is a resounding yes. Choosing a domain registrar located in the European Union (EU) versus one outside (for example, a US-based provider) can have far-reaching implications for legal compliance, data security, and public trust. This article delves into why EU public entities and enterprises should opt for an EU-based registrar - highlighting the legal risks of foreign jurisdictions and the tangible benefits of keeping your domains under EU oversight.
The new cybersecurity law – what the public sector needs to know
On 15 January 2026, Sweden's new Cyber Security Act (SFS 2025:1506) will come into force. The Act aims to achieve a high level of cyber security in society and implements the EU's NIS 2 Directive into Swedish law. This means that many organisations will face stricter requirements to improve their protection against cyber threats. The government has emphasised that municipalities and other organisations also need to ‘step up their game’ in their cybersecurity work – the new law will tighten the requirements for these actors. In this article, I summarise the purpose of the law, which public sector organisations are affected, the key obligations (particularly regarding security measures, incident reporting and training) and provide practical guidance ahead of its entry into force.
Enforcing DMARC with p=reject: A Strategic Imperative for Email Security in the Enterprise and Public Sector
In today’s evolving cyber threat landscape, email remains the most exploited attack vector. Business Email Compromise (BEC), phishing, spoofing, and impersonation attacks continue to surge, targeting enterprises, customers, and supply chains alike. As organizations strengthen their perimeter defence’s, securing the email channel has become not just a compliance requirement - but a critical business enabler. This is where DMARC (Domain-based Message Authentication, Reporting & Conformance) plays a pivotal role.
DMARCbis: The Future of Email Authentication — What You Need to Know
As cyber threats evolve, so too must the tools we use to protect against them. One of the most powerful standards in email security - DMARC (Domain-based Message Authentication, Reporting, and Conformance) - is undergoing a major evolution. The proposed update, known as DMARCbis, is a revised version of the original DMARC standard (RFC 7489), currently working its way through the IETF standardization process.
Strengthening the Email Ecosystem: Outlook’s New Requirements for High-Volume Senders
In today’s digital world, email remains one of the most widely used - and most targeted - communication channels. To combat rising threats like phishing, spoofing, and spam, Microsoft Outlook is rolling out new authentication requirements for high-volume senders (defined as those sending over 5,000 messages per day). These changes aim to create a more trustworthy and secure email ecosystem.
Google makes branded emails more accessible with Common Mark Certificates (CMC)
Google has made email branding more accessible for organisations of all sizes by introducing Common Mark Certificates (CMC) as an alternative to Verified Mark Certificates (VMC) for BIMI implementation. This change allows organisations to display their logo in Gmail inboxes without the need for trademark registration, significantly reducing the cost and complexity of enhanced email security.
Long-Term Email Security: The importance of continuous DMARC Compliance Management
Setting up a DMARC policy is not a one-time task. To stay safe from threats in the long-run, organizations need to continuously manage their DMARC policy to ensure all domains are covered and properly protected. Just as organizations continuously change and evolve, so must DMARC.
What is BIMI and why it's important for your brand
BIMI (Brand Indicators for Message Identification) is a way to quickly show email recipients that emails actually originate from your organization. It allows you to add your brand logo to all outgoing emails so recipients can trust that they come from you and not a malicious third party.
Email Security and NIS2: Why the Public Sector needs DMARC for NIS2 Compliance
The requirements of the NIS2 Directive are extensive and address many different aspects of digital security, including email security. For organizations to meet the email security standards set by NIS2, they need a correctly configured DMARC policy.
Why implementing DMARC for all your domains matters
Implementing a DMARC policy for very small organizations is not too complex. Generally, one just needs to ensure it is implemented correctly for a single domain. However, for larger organizations, with multiple domains and email systems, it is much more complicated.
Making the Internet Safer: Google and Yahoo enhance Email Security
The default settings of most major email providers have for a long time not been enough to stop email threats from reaching inboxes. But that is now changing with Google and Yahoo's new email security requirements, including the mandatory implementation of DMARC.
What is DMARC and why you need it to keep your emails safe
A DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy is a key part of organizational email security. It prevents email threats from reaching your employees and users, and it is now a requirement by major email providers like Gmail and Yahoo.
Corporate Address
Jan Stenbecks torg 17
164 40 KISTA
SWEDEN
Quick Links
Resources
About
