Actively block phishing attacks and prevent 3rd parties impersonating your email domain to any recipient such as clients, suppliers or employees.

Protect your email. Protect your firm.

When it comes to cyber crime, email is a law firm's biggest risk. Anyone can send an email directly to your customers, suppliers or employees pretending to be you if DMARC is not deployed.

Safeguard your email
Identify fraudulent email
Managed implementation
Improve email deliverability

Safeguard your email

Any 3rd party can impersonate your firm, via email, to your employees, clients and suppliers. You can prevent it with OnDMARC.

Get started securing your email.

OnDMARC is a web based service that allows you to effectively secure your firm's email. You can protect your staff and clients from receiving and falling victim to email modification fraud.


What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance.

It is a protocol that was built on top of the existing protocols SPF and DKIM. 

DMARC does a few things:

1. It takes into account the results from SPF and DKIM 

2. It requires not only for SPF or DKIM to pass but for them to also align with the domain found in the From address in order for DMARC to pass.

3. Reports SPF, DKIM and DMARC results back to the domain found in the From address (ie. sender).

4. Finally tells receivers how to treat emails that fail DMARC validation by specifying a policy in DNS.

Does OnDMARC require installation?

No, DMARC is a protocol that relies only on the configuration of 3 types of DNS records:

1) DMARC record: declares the policy to be applied when validating emails received from your domain. And allows OnDMARC to start monitoring the sources of your email traffic.

2) SPF record: declares the list of IP addresses for the services that are allowed to send emails on behalf of your domain.

3) DKIM records: services sending emails on your behalf should sign these using DKIM and the public key for these signatures are hosted as DNS records

Do you provide support?

We provide support via email and phone.

Additionally we can provide personalised support with a custom SLA as an add-on service. If you sign up for this service a member of our team will work with you on configuring and maintaining your protection.

What does the process of setting up DMARC look like?

OnDMARC will guide you through the steps of securing your email.

For detail of the full process see our Getting Started Guide.

What does full DMARC protection result in?

Congratulations, your domain is now protected against impersonation attempts. As a bonus, a correctly configured domain also improves the deliverability of your emails. 

From now on, your domain is protected so new email sources that are not authorised to send emails on your behalf will be blocked by their receivers. When you want to add a new email service to send emails on your behalf, make sure to follow their instructions on how to setup SPF and DKIM correctly. All major CRM and bulk email services (i.e.: Sendgrid, Mailchimp, Drip, etc...) support these protocols so there should be no problem for you.

Do both senders and receivers have to implement DMARC in order for it to be effective?

Only you need to have DMARC in order to protect your domain from being used in phishing attacks. Almost all email receivers are DMARC enabled so they will be able to execute your DMARC configuration.

We have not had any phishing attacks that use our exact domain.

The chances are that without a DMARC reject policy your domain has been used multiple times without your knowledge. We offer a free 14 day trial in which you will see reports of how your domain is being used before you commit to anything. 

Does DMARC stop phishing by lookalike domains?

DMARC will not stop phishing from lookalike domains but it is best practice to purchase your lookalike domains and park them. 

How long does it take to set up OnDMARC?

Setting up OnDMARC is very simple.

For detail of the full process see our Getting Started Guide.

How easy is it to send emails from an unprotected domain?

With simple instructions that can be found online it is relatively straightforward for anyone with some technical knowledge to send an email from an unprotected domain.