Trusted email security expert | improve your email security in 2025

Capture DMARC Reject Email Copies

by

Rob Walton
in ,

It is recommended to ensure you have the highest SPF, DKIM, and DMARC email protection for all your email domains.

This includes setting the DMARC email protection level to the highest “reject” mode. DMARC “reject” mode will result in rejection for any email sent from your domain name that is not covered by SPF and DKIM protection. An inbound email can be from any system, inside, our outside of your network.

Email Security SPF Checker

Use the free Kitterman SPF tool to validate any email domain. Checking of your SPF record is recommended. Often an SPF record may become invalid if it contains too many DNS lookups. An error may have been made within the SPF record that has made it invalid. An invalid SPF record is an open door through the first line of defense against impersonation and spoofing email attacks. And opens the door into your supply chain for these attacks.

External email systems from your supply chain may reject emails sent from your domain name that do not have aligned SPF and DKIM entries. Not having DMARC set to for Reject mode will prevent them from protecting themselves.

This is good news from an email protection perspective.

Examine DMARC Reject Emails for Threat Hunting

Using your email system transport rules it is possible to not just reject emails that fail DMARC. It is also possible to redirect copies of these emails to a hidden shared mailbox in your email system. This allows the cyber security team to monitor this shared mailbox for any ongoing malicious email activity. Examples are email impersonation and/or spoofing. There may be evidence of an ongoing cyber attack within the shared mailbox Inbox that warrants further investigation.

DMARC Email Protection – Record Checker and DMARC Reporting

We use the free DMARCLY DMARC record checker for current status of any email domain DMARC record.

For a DMARC shared mailbox it recommended to place strict delegate controls on who can access it. As there will often be malicious email payloads present.

We recommend a free DMARC reporting tool, such as Valimail, to monitor your email traffic for any invalid applications trying to send email from your email domains. A DMARC reporting tool allows you to see any potentially legitimate email system trying to send emails using your email domain.

Contact Us today for a review of your SPF, DKIM and DMARC email authentication protection.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *