How do third-party marketing agencies send emails on behalf of clients while staying
by DuoCircle
It is a common practice for businesses to delegate marketing tasks to third-party agencies. Working with these marketing agencies brings in added benefits such as specialisation in particular niches and cost-effectiveness. These agencies need to take extra care to ensure their emails don’t end up in the spam folder or get rejected.
DMARC policy transition strategies for global banks: Moving to quarantine and reject safely
by DuoCircle
DMARC has now become a non-negotiable for every organization that sends bulk emails on a daily basis. It is even more critical for banks, where the stakes are so high that it’s not merely about money, but also sensitive data of their customers, regulatory compliance, and the integrity of their brand.
Using the DMARC reject policy for non email sending domains: A guide
by DuoCircle
You might think that only your active domain (the one that you use to send emails) is vulnerable to spoofing and phishing attacks. But the truth is, there is more than one way that attackers use to intercept your systems, and often they are the ones you least expect. That’s the reality of email-based attacks; they not only exploit your primary, active domain, but also make backdoor entries through non-email-sending domains and parked domains. The reason cybercriminals go after the parked domains, instead of active ones, is that the former are often overlooked. It is easier to think that the attackers might not even pay heed to the inactive ones, but they know that these dormant ones are low-hanging fruit.
What is a DMARC analyzer tool, and how to use it in the best way?
by DuoCircle
If you are planning to secure your business email communications by deploying email authentication policies such as SPF, DKIM, and DMARC, know that this is just the tip of the iceberg. In order to ensure fool-proof security for your email landscape, you must use a DMARC analyzer tool. With its help, you get to evaluate DMARC reports closely, thereby bolstering the email system.
The 32KB limit in DMARC reports: What it means and why it matters
by DuoCircle
Has it ever happened to you that you sent around 500,000 emails a day but only received DMARC reports for half of them? That too, without any alerts or warnings?
How to fix the “DMARC policy not enabled” error- Everything you need to know!
by DuoCircle
If you have stumbled upon this blog, then it is highly likely that you are dealing with the issue of the “DMARC policy not enabled” error. You get this message when your domain has a DMARC record, but there is no valid policy to define it. A DMARC record makes no sense without a DMARC policy. It’s like having a front desk guard in your building who smiles and nods, even when strangers walk in. Hence, the moment this message appears, you must understand that your email system is no longer protected against phishing and spoofing attacks.
How are Gmail and Outlook policies raising the bar for DMARC adoption?
by DuoCircle
There was a time when email security was a mere IT concern; it was a good-to-have but wasn’t really a priority. We are referring to a time when email-based threats were not as prevalent or dangerous as they are today. It might sound like we are talking about a distant past here, but that’s the reality. You can no longer put email security on the back burner, thinking that your emails will protect themselves or that cybercriminals will never reach you.
Cloudflare’s new SPF, DKIM, and DMARC requirements
by DuoCircle
Starting July 3, 2025, Cloudflare requires all emails to be authenticated using at least one of the protocols. SPF or DKIM, to forward them. This requirement has been imposed in consideration of the growing number of email-based phishing and spoofing attacks. These email authentication protocols ensure that only authorized emails reach the inboxes of recipients, thereby preventing them from being manipulated into transferring money or sharing confidential information.
DMARC is now mandatory in New Zealand: Here’s what the NZ government expects
by DuoCircle
Most countries have already made DMARC enforcement mandatory, especially for government agencies (after all, that’s where the real threats lie). But New Zealand wasn’t on this list until now!
When it comes to B2B and B2C business communications, email plays a crucial role as a core communication channel. From running marketing campaigns to offering customer support, from notifying customers with transactional details to engaging them one-on-one with newsletters and emails, they do it all for your business.
But what if these emails do not reach your audience at all? Poor email deliverability can not only affect your day-to-day business operations but also tarnish your brand reputation. This is exactly why you need DMARC to enhance your email deliverability.
Let’s find out how your email deliverability is dependent on DMARC.
Cold emailing is a strategic and effective way for businesses and service providers to reach potential clients, pitch their best offers, and generate high-quality leads. However, with so much noise surrounding AI chatbots, funnel automation, and generative AI, cold emailing no longer works the way it did five years ago. Two major factors that determine the fate of your cold emails are trust and deliverability. Without these two, cold emailing in 2025 may feel like a lost cause.
Avoiding common BIMI pitfalls: What goes wrong and how to fix it
by DuoCircle
BIMI (Brand Indicators for Message Identification) does one simple task— showing your brand logo next to your emails in the recipients’ inboxes. But getting there? Not so much.
You might think it’s easy to get your logo to be displayed next to your emails, but unfortunately, it’s nothing like setting a profile picture. (more…)
The common ‘DMARC policy not enabled’ error pops up during a reverse DNS lookup, indicating that no valid policy is defined in your domain’s DMARC record. Without a DMARC policy, a DMARC record is of no use— it provides no protection from phishing and spoofing emails sent from your domain.
You might be under the impression that the three major email authentication protocols are mutually exclusive. Well, this might be the most common misunderstanding and is particularly true for SPF (Sender Policy Framework).
How does DMARC p=reject work against phishing attempts?
by DuoCircle
It’s well known that you need to have a strong defence mechanism in place to ward off phishing attacks. Speaking of which, Domain-based Message Authentication, Reporting, and Conformance (DMARC) stands out as an email security protocol. Not only does it protect your domain from being misused by attackers, but it also gives you control over how unauthenticated emails are handled.
Setting up a DMARC record on GoDaddy is a smart move for anyone looking to protect their email domain from spammers and scammers. If you’ve ever been frustrated by phishing attempts or spoofed emails, you’re not alone! This guide is here to help you take control of your email security with straightforward steps designed for even the most novice user. By following these easy instructions, you’ll gain peace of mind knowing that your emails are safer, while making it harder for bad actors to exploit your domain. Let’s dive in and get your DMARC record set up today!
Subdomailing: The DMARC risk you might be ignoring
by DuoCircle
In 2024, Guardio’s email protection systems identified unusual patterns in email metadata, related explicitly to SMTP servers and their authentication as legitimate senders. Upon investigation, it was discovered that this campaign has been ongoing since at least 2022 and involves over 8,000 domains and 13,000 subdomains owned by legitimate companies, including those belonging to MSN, McAfee, eBay, and VMware, which were compromised due to subdomain hijacking. This research led to the coining of a new term—subdomailing.
Email was never actually built with keeping security in mind. Back in the day, it was just a medium of communication, and it operated on trust. This made it a vulnerable target for threat actors who started exploiting email for spoofing, phishing, and spam. Over the years, email threats evolved, triggering the need for authentication mechanisms to verify if the sender is actually who they are claiming to be and protect recipients.
It’s been more than a year since Google and Yahoo pushed domain owners to adopt DMARC. This push has paid off partially— why partially? Because the number of domains with DMARC has doubled, but they aren’t configured strictly. Domain owners have just implemented DMARC for the sake of it, but have done nothing to advance the policies and strengthen email security. As per a survey done by Mailgun, 66% of senders are aware that they are using both SPF and DKIM for email authentication. About 25.7% of respondents don’t know how their organizations are using DKIM and SPF, and less than 9% said they are using only one of the two.
