What is DMARC?

When a strict DMARC (Domain-based Message Authentication, Reporting & Conformance) policy is put in place for a given domain name (e.g. dumbledorelaw.com) and an email from that domain is received, it allows the recipient to be confident that the source of the email is authentic.

A strict DMARC policy would mean that fake emails (determined as those that don’t meet the policy standards) never reach the recipient - and can optionally be rerouted to a mailbox of the domain owners choosing, for further analysis. This can be useful for law firms in identifying when their firm may be under a targeted attack from fraudsters.

DMARC does not prevent an “authentic” email being sent by someone who has hacked into a persons email account, so all emails should still be treated with a degree of suspicion.

Furthermore, whilst a DMARC policy can help protect emails sent from the domain name you own, it will not prevent fraudsters from registering similar domain names, and sending emails that may look almost identical to your own.

This is known as Domain Spoofing and it easily circumvents solutions such as DMARC.

For example your email address might be albus@dumbledorelaw.com, but a fraudster registers dumbledurelaw.com and sends emails as albus@dumbledurelaw.com. As the name that appears would be set to “Albus Dumbledore” in both cases, without close inspection you are unlikely to spot the use of the false domain name.

If you want to find out more about DMARC, or consider implementing it within your law firm, the following resources will help:

DMARC

Provides an overview of the DMARC standard and history about why it was introduced.

GCA Cybersecurity Toolkit

The Global Cyber Alliance (GCA) Cybersecurity Toolkit provides a free DMARC setup guide so you can implement DMARC within your firm at no cost, and is recommended by Action Fraud.

OnDMARC

OnDMARC is a self service tool that guides you through setting up DMARC for your firm. At the time of writing it offers a free entry level account for low volume single domain users (sending up to 10,000 emails per year).

Any questions?

Email us at hello@safecapital.co.uk

Need Support?

Email us at help@safecapital.co.uk

More Information

News & Articles About Open Banking For Consumers Fraud Insights FAQs Helpdesk

Connect

LinkedIn

Logo

© 2024 Luris Systems Ltd, trading as Safe Capital. Luris Systems Ltd is a limited company registered in England and Wales (registered number 15361556). Our registered office address is 41 Bridgeman Terrace, Wigan, England, WN1 1TT. Registered with the ICO (registration number ZB645907).

Safe Capital is powered by Moneyhub Financial Technology Limited who are authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 for the provision of payment initiation and account information services (firm reference number 809360).

Take Five Moneyhub

Legal

Privacy Terms Cookies
We use cookies to distinguish you from other users of our Site and analyse our traffic. Learn more