Phishing and email spoofing are still the easiest ways for cyber criminals to steal data, commit fraud, or compromise your business. When your domain is left unprotected, attackers can impersonate you – undermining trust, causing financial loss, and damaging your brand.
For many businesses, the challenge isn’t knowing DMARC (Domain-based Message Authentication, Reporting and Conformance) is important – it’s how to get it right.
Attackers can impersonate your domain to trick customers or staff into handing over credentials or money. Without DMARC in place, these emails are more likely to slip through and do damage.
SPF, DKIM, and DNS records are technical and often confusing. One small misstep can cause legitimate emails to fail or go to spam, leaving you with frustrated teams and missed opportunities.
Leading email service providers like Microsoft, Google, and Yahoo are now mandating DMARC authentication.
Even once you’re up and running, DMARC needs regular monitoring and adjustment. Without visibility into reports or alerts when things go wrong, issues can go unnoticed until real damage is done.
Bulk emails sent through platforms like Mailchimp or HubSpot often aren’t authenticated properly – hurting deliverability and leaving your domain vulnerable if not set up correctly.
CodeBlue’s Managed DMARC service handles the entire process – from setup and configuration to enforcement, monitoring, and reporting.
We evaluate your current setup, align your SPF and DKIM records, and apply DMARC policies that actively stop spoofed emails in their tracks.
We don’t stop at setup. Our team and tools continuously monitor your domain for unauthorised senders, misconfigurations, and issues with email delivery – alerting you early and fixing problems fast. We also ensure marketing platforms are correctly integrated and authenticated, so every message sent under your domain builds trust, not risk.
Prevent phishing and business email compromise attacks by blocking unauthorised senders from using your domain.
With properly aligned authentication records, your legitimate emails are more likely to land in inboxes – not spam folders.
Your domains are continuously monitored automatically for changes and potential issues – so we can proactively fix them before they cause problems.
We handle everything – from technical setup to troubleshooting – so you don’t have to.
We help you meet the latest authentication requirements from Google, Microsoft, and Yahoo, as well as align with NZISM and cyber insurance policies.
DMARC reports give you insights into who’s sending on your behalf and whether they’re doing it securely.
CodeBlue has been helping New Zealand businesses solve IT challenges for over two decades. We bring enterprise-grade systems and support, backed by FUJIFILM Business Innovation, but we’re still 100% focused on Kiwi organisations.
With us, there’s no lock-in, no jargon, and no surprises – just reliable, fully managed email security that works the way it should.
p=none is a monitoring-only policy. It allows you to collect aggregate reports without impacting mail flow. While it doesn’t protect against spoofing, it’s a useful first step to understand who’s sending on behalf of your domain. CodeBlue typically starts with p=none during setup, then transitions to reject once alignment and authentication are confirmed.
DMARC only passes if either SPF or DKIM authentication passes and is aligned. SPF alignment compares the return-path domain to the header “From” domain, while DKIM alignment compares the DKIM signature domain to the header “From.” If there’s no alignment, even valid SPF/DKIM results won’t satisfy DMARC.
DMARC requires more than just passing SPF or DKIM – it requires alignment with the domain in the “From” header. For example, if a marketing platform sends mail with a different return-path or uses a DKIM domain that doesn’t match your sender domain, the message will fail DMARC unless specifically configured to align.
The Return-Path is used during SPF checks – it must align with your domain if you want SPF to contribute to DMARC success. Mismatched return paths are a common cause of failed authentication. CodeBlue verifies and configures return paths across all your sending platforms to ensure alignment.
The DMARC record, published in DNS as a TXT record under _dmarc.domain.com, contains the policy and reporting instructions. If it’s incorrectly formatted or missing required tags (like v=DMARC1), it’s ignored by receiving servers. CodeBlue validates and manages all DNS changes, avoiding syntax errors or policy gaps.
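A lint check for the record format described above, as an added example (not CodeBlue's tooling). It is deliberately stricter than a receiving server, and the record strings you pass in are your own; `parse_dmarc` and `is_enforcing` are names chosen here.

```python
# Added example: strict lint for a DMARC TXT record string.
VALID_POLICIES = {"none", "quarantine", "reject"}
VALID_ALIGNMENT = {"r", "s"}  # r = relaxed (the default), s = strict


def parse_dmarc(txt: str) -> dict:
    """Return the record's tags, or raise ValueError for a record this lint rejects."""
    tags = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        tags.append((name.strip(), value.strip()))

    # v=DMARC1 must be present, exact, and the first tag in the record.
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")

    record = dict(tags)
    policy = record.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    record["p"] = policy

    # Alignment modes default to relaxed when the tag is absent.
    for tag in ("adkim", "aspf"):
        record[tag] = record.get(tag, "r").lower()
        if record[tag] not in VALID_ALIGNMENT:
            raise ValueError(f"{tag} must be 'r' or 's'")

    # rua/ruf are comma-separated lists of report URIs.
    for tag in ("rua", "ruf"):
        record[tag] = [u.strip() for u in record.get(tag, "").split(",") if u.strip()]
    return record


def is_enforcing(record: dict) -> bool:
    """p=none only monitors; quarantine and reject act on failing mail."""
    return record["p"] in {"quarantine", "reject"}
```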
In relaxed alignment, the domain in the SPF or DKIM check only needs to match the root domain of the sender (e.g., mail.example.com aligns with example.com). In strict alignment, the domains must be identical. CodeBlue can configure the appropriate alignment based on your risk tolerance and email setup.
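The pass rule and the two alignment modes described above, as an added example (not CodeBlue's tooling). Assumptions: a tiny constructed suffix set stands in for the Public Suffix List that real receivers use, and `mailer.example` is a hypothetical marketing-platform domain.

```python
# Added example: DMARC pass/fail from SPF and DKIM results plus alignment.
# ASSUMPTION: this constructed set stands in for the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "nz", "co.nz"}


def org_domain(domain: str) -> str:
    """Organisational (root) domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback for suffixes not in the sample set


def aligned(auth_domain: str, from_domain: str, mode: str = "r") -> bool:
    """'s' (strict) needs identical domains; 'r' (relaxed) needs the same root domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_result(from_domain, spf_pass, return_path_domain,
                 dkim_pass, dkim_d, aspf="r", adkim="r") -> str:
    """Pass if SPF or DKIM both passes and aligns with the header From domain."""
    spf_ok = spf_pass and aligned(return_path_domain, from_domain, aspf)
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, adkim)
    return "pass" if (spf_ok or dkim_ok) else "fail"


if __name__ == "__main__":
    # Constructed cases: (label, arguments to dmarc_result)
    cases = [
        ("platform not configured, SPF and DKIM pass for its own domain",
         ("example.com", True, "bounces.mailer.example", True, "mailer.example")),
        ("custom return-path on a subdomain, relaxed SPF alignment",
         ("example.com", True, "bounces.example.com", False, "")),
        ("DKIM signed by a subdomain, strict DKIM alignment",
         ("example.com", False, "bounces.mailer.example", True,
          "mail.example.com", "r", "s")),
    ]
    for label, args in cases:
        print(f"{dmarc_result(*args):4}  {label}")
```

The first case shows why mail from a bulk-sending platform can fail DMARC even though SPF and DKIM both report a pass: neither authenticated domain matches the header From domain.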
The sender domain appears in the email’s “From” address. The report domain is the domain receiving DMARC reports (defined in rua/ruf). CodeBlue ensures your reporting domains are authorised to receive reports, and that DMARC report flow is secure and uninterrupted.