Protecting Your Business from Email Impersonation with SPF, DKIM, and DMARC 


In today’s digital age, email has become a cornerstone of communication for businesses worldwide. However, with the convenience of email comes the ever-looming threat of cyber attacks, particularly those aimed at impersonating your domain for malicious purposes, known as Business Email Compromise (BEC). According to the CS Breach Survey of 2023, BEC and phishing attacks remain the top causes of security breaches, posing significant risks to organisations of all sizes. 

To combat these threats, it’s crucial for businesses to implement robust email authentication methods such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). These authentication protocols work in tandem to validate your domain and ensure that only legitimate emails are sent from your organisation’s domain. 

So, what exactly do SPF, DKIM, and DMARC do, and how do they reduce the likelihood of your domain being impersonated? 

SPF (Sender Policy Framework):

SPF is a simple yet powerful email authentication method that verifies that the sender of an email is authorised to send messages on behalf of a domain. By publishing SPF records in your domain’s DNS settings, you specify which IP addresses are allowed to send emails using your domain name. When an email is received, the recipient’s mail server checks the SPF record to confirm its legitimacy. If the sender’s IP address is not listed in the SPF record, the email may be marked as suspicious or rejected altogether. 

DKIM (DomainKeys Identified Mail):

DKIM adds an extra layer of security by attaching a digital signature to outgoing emails. This signature is generated using cryptographic keys stored on the sending server. When an email is received, the recipient’s mail server verifies the DKIM signature against the public key published in the sender’s DNS records. If the signature is valid, it confirms that the email was not altered during transit and originated from an authorised sender. 

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

DMARC builds upon SPF and DKIM to provide comprehensive email authentication and reporting capabilities. With DMARC, you can specify policies for how email servers should handle messages that fail SPF and DKIM checks. Additionally, DMARC enables you to receive reports detailing email authentication activity, allowing you to monitor for unauthorised usage of your domain and take appropriate action. 


By implementing SPF, DKIM, and DMARC, businesses can significantly reduce the risk of falling victim to email impersonation and BEC attacks. These authentication methods provide strong safeguards against unauthorised use of your domain, ensuring that only legitimate emails are delivered to your recipients’ inboxes. 

In conclusion, safeguarding your business against email impersonation and cyber threats is paramount in today’s interconnected world. By proactively implementing SPF, DKIM, and DMARC, you can fortify your organisation’s email infrastructure and minimise the risk of falling prey to malicious actors. Don’t wait until it’s too late – prioritise email authentication today to protect your business’s reputation and sensitive information from harm. 

Alexmartin removebg preview

Written by Alex Martin
Alex Martin serves as an Incident Response and Threat Hunting Analyst at norm. In this role, Alex plays a pivotal part within the incident response team, delivering prompt security incident responses to clients facing various security breaches, including those related to business email, network, or cloud compromises. Beyond reactive measures, Alex proactively scours norm.’s clients’ environments, leveraging cutting-edge threat intelligence to identify and mitigate sophisticated threat actor behaviors.