security · email authentication

Stop criminals sending email as your business.

Right now, anyone can put your business name in the "from" line and email your clients a fake invoice. Email authentication shuts that down. We set it up, get you fully locked (p=reject) without breaking your real mail, and watch it every day - so you never have to.

in plain terms

SPF, DKIM and DMARC are three small settings on your domain that let the world's mail systems check an email really came from you. SPF says which servers can send for you; DKIM signs your mail so it can't be tampered with; DMARC tells receivers what to do with mail that fails the checks - and sends back a daily report of who's sending as you. Set up properly, they stop impersonation and invoice fraud, and they help your genuine mail land in the inbox instead of spam. Set up badly, they silently break your real email - which is why it's worth having someone watch it.

what it's for

What broken email authentication costs you.

  • Invoice fraudCriminals email your clients a real-looking invoice with their bank details. Your clients pay them. Your reputation wears it.
  • Your name on phishingYour domain gets used to phish other people, and the blowback lands on you.
  • Genuine mail in spamWithout proper authentication, your real invoices and quotes quietly land in clients' junk folders.
  • No idea it's happeningMost businesses have no visibility at all - the first sign is a client asking why they were charged twice.

what you get

Managed, not another dashboard.

This runs as part of managed IT. You don't get a login. You get the outcome, and a text if something needs you.

  • Setup and hardeningWe audit your email, find every legitimate sender, and configure SPF, DKIM and DMARC properly - taking you from "anyone can spoof you" to nobody-can, without breaking real mail.
  • Always-on monitoringWe read the reports every day so you don't have to. No dashboard for you to log into. You only hear from us if something needs you.
  • New-sender managementStart using a new tool that sends email and we spot it and authorise it so it isn't blocked. A supplier's setup breaks and we catch it before it bites you.
  • Missing-email responseAn email didn't arrive? Text us. We find where it went and release or fix it, usually in minutes.
  • A monthly summaryOne plain line in your monthly report: still locked down, spoof attempts blocked, nothing needs you.

how we get there

Locked down without breaking your mail.

Turning DMARC to full strength carelessly can send your own invoices to the void. We ramp it in stages and watch every step, so it only tightens once we're sure nothing real fails.

01

Find every sender

We map everything that legitimately sends as you - Microsoft 365, Xero, your mailer, your booking tool, the website form - and set the records to match.

02

Watch first

We turn on reporting only, so nothing changes for your mail while we confirm every real sender is passing and catch anything we missed.

03

Tighten in stages

Once it's clean for a solid stretch, we step it up to quarantine, then to full block (p=reject) - each step watched, each reversible.

04

Then it's just handled

Fully locked and monitored. You never think about it again unless we text you - and if you're ever missing an email, that text goes the other way.

part of the bigger picture

One layer of your ransomware defence.

Fake emails are the number-one way ransomware and invoice fraud get in. Email authentication shuts that door - but it's one door. It works best alongside MFA, patching, endpoint protection and tested backups. See how the layers fit together on ransomware protection.

  • Stops impersonation of your domain
  • Helps genuine mail reach the inbox
  • Watched daily, not dashboard-dumped
  • Text us and it's fixed

common questions

Email authentication, answered straight.

Will this break my email?
Not the way we do it. The risk is real if you flip DMARC to full strength without checking every sender first - that's exactly why we watch in reporting-only mode, ramp in stages, and keep each step reversible. Done carefully, your real mail is unaffected and actually lands better.
Do I get a dashboard to check?
No, on purpose. Clients don't read dashboards. We read the reports for you every day and only contact you if something needs a decision. If you ever want to see it, we'll show you - but the promise is that you don't have to.
We're on Microsoft 365 / Google Workspace - does this apply?
Yes. Being on Microsoft or Google gets you part-way, but it does not set up DMARC or stop others spoofing your domain by default. This is the layer that does.
Is this sold on its own?
It runs as part of managed IT. The value is the "text us and it's fixed" relationship around it - the settings alone, with no one watching, are half the job.

start a conversation

Lock down your email.

We'll check where your email authentication stands today and what it takes to close the gap. Straight answer, no jargon.