The problem
A huge amount of business fraud starts with email impersonation:
- Fake supplier invoices
- “CEO” payment requests
- Password reset scams
The fix is not only training. It’s proving your emails are real.
The three controls that protect your domain
- SPF
  - Lists which mail servers are allowed to send as your domain
- DKIM
  - Adds a cryptographic signature to outgoing mail
- DMARC
  - Tells receiving systems what to do if SPF/DKIM fail and where to send reports
Google Workspace includes guidance for setting up DMARC to protect your domain from spoofing.[1]
Why 2026 is the tipping point
Email providers are getting stricter.
If your domain isn’t properly authenticated:
- Legit emails can land in spam
- Marketing tools might stop delivering
- Spoofing your domain becomes easier to pull off
A practical DMARC rollout (without breaking your tools)
- Start with “p=none”
  - Collect reports, see who is sending as your domain
- Fix what you discover
  - Add missing senders to SPF
  - Enable DKIM for every platform
  - Update third‑party tools (CRMs, newsletters, quoting tools)
- Move to enforcement
  - Set DMARC to quarantine, then reject
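
To make the "collect reports, fix what you discover" steps concrete, here is an added example (not from Google's guidance or any vendor tool) that reads one DMARC aggregate report and groups senders by how many aligned checks they passed. It assumes an already-unzipped, un-namespaced report in the RFC 7489 layout; the function names, example.com and the documentation-range IPs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (documentation IP ranges).
def _rec(ip, count, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            f"<identifiers><header_from>example.com</header_from></identifiers></record>")

SAMPLE_REPORT = ("<feedback><policy_published><domain>example.com</domain><p>none</p>"
                 "</policy_published>"
                 + _rec("192.0.2.10", 120, "pass", "pass")    # main mail platform
                 + _rec("198.51.100.25", 40, "fail", "pass")  # tool listed in SPF, no DKIM yet
                 + _rec("203.0.113.77", 7, "fail", "fail")    # not authorised anywhere
                 + _rec("203.0.113.77", 2, "fail", "fail")    # same source, second row
                 + "</feedback>")

def summarise(report_xml):
    """Count messages per source IP by how many aligned checks passed (both/one/none)."""
    # Reports come from outside parties: refuse DTDs and entities before parsing.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD or entity declaration in report")
    totals = defaultdict(lambda: {"both": 0, "one": 0, "none": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        # policy_evaluated holds the aligned results; DMARC passes if either one passes.
        passed = sum(row.findtext(f"policy_evaluated/{check}", "fail") == "pass"
                     for check in ("dkim", "spf"))
        bucket = ("none", "one", "both")[passed]
        totals[row.findtext("source_ip")][bucket] += int(row.findtext("count", "0"))
    return dict(totals)

def failing_sources(summary):
    """Sources whose mail would be quarantined or rejected once the policy is enforced."""
    return sorted(ip for ip, c in summary.items() if c["none"] > 0)

def single_mechanism_sources(summary):
    """Sources passing DMARC on one check only; add the missing SPF or DKIM setup."""
    return sorted(ip for ip, c in summary.items() if c["one"] > 0)

if __name__ == "__main__":
    report = summarise(SAMPLE_REPORT)
    for ip, counts in sorted(report.items()):
        print(ip, counts)
    print("fix or investigate before enforcing:", failing_sources(report))
    print("passing on one check only:", single_mechanism_sources(report))
```

A source in the failing list is either one of your own tools that still needs SPF/DKIM set up or someone spoofing the domain; sort out which before moving from “p=none” to quarantine.
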
Signs you need to act this month
- Clients say your emails go to junk
- You send invoices by email
- You use multiple tools that send email (marketing, quoting, support)
- Someone in finance has already seen a “change bank details” email scam
Quick checklist
- [ ] SPF includes all approved senders
- [ ] DKIM enabled for every mail platform
- [ ] DMARC reporting enabled
- [ ] DMARC moved toward enforcement (quarantine/reject)
What Clyk can do
- Audit SPF/DKIM/DMARC end-to-end
- Fix delivery issues caused by misconfiguration
- Reduce invoice fraud risk with anti-impersonation controls
Want us to run a domain email-auth health check?