Phishing is the most common attack vector used by cybercriminals due to its simple but effective techniques. Therefore, utilising mail protection features such as SPF, DKM and DMARC, is crucial for any individual or organisation in order to reduce the likelihood of being targeted by a Phishing attack.

“76% of businesses reported being a victim of a phishing attack in the last year.”

Wombat Security, 2018 State of the Phish Report

Most individuals are unable to identify the difference between a phishing email and an email from a trusted source. Therefore, SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain-based message authentication, reporting and conformance) are a key solution.

SPF and DKIM make up the DMARC process. They are all email authentication protocols that work together to reduce the likelihood of employees falling victim to phishing attacks by sending suspicious emails to spam folders. In order to pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment.


A simple email validation system designed to detect email spoofing by providing a mechanism that decides which mail servers are authorised to send mail from your organisation’s domain.


An email authentication method that validates the domain’s identity associated with an email.


Gives email senders an opportunity to show that their messages are protected by SPF and/or DKIM, and tells receivers what to do if one of the authentication methods fails the check by either:

  • Quarantine messages that fail – e.g. sending them to the spam folder;
  • Rejecting messages that fail – e.g. don’t deliver the mail at all.

From the time an email is sent to the point when it arrives in your inbox, DMARC, SPF and DKIM work together to ensure authentication in three simple steps.

However, DMARC is not an authentication protocol that you can get instant protection from. It can take an organisation up to 6 months to a year to go through their supply chain to make sure their interfacing mail servers are all doing the same.

While there is some effort involved in set-up and configuration of these protection features, the benefits far outweigh the effort.