Email security is no longer just an IT task. Cyber insurers ask about it at renewal, supplier assurance questionnaires require it, and Cyber Essentials depends on related controls. This check gives you a documented, plain-English baseline you can put in front of auditors, insurers and clients.

Where email security meets compliance

Cyber insurance renewal

Most insurers now ask specifically about SPF, DKIM, DMARC and MFA. Missing controls are linked to business email compromise claims, and can affect your cover and premium.

Cyber Essentials

Cyber Essentials requires MFA on all accounts and email filtering. It does not mandate SPF, DKIM or DMARC by name, but assessors commonly raise them, and MFA gaps are a hard fail.

GDPR and data protection

Your email carries personal data. GDPR Article 32 expects appropriate technical measures, and a spoof or compromise that exposes client data is a notifiable incident.

Supplier assurance

Larger clients run due-diligence checks before onboarding suppliers. A spoofable domain is a visible red flag that can cost you the contract.

How to get compliant

Run the free check above to get your baseline. Then have your IT team configure SPF, DKIM and DMARC, moving DMARC from p=none to quarantine and then reject, and enable MFA on every mailbox. Keep the before-and-after check results as documented evidence for your insurer, auditor or client. The controls are low-cost and quick to implement.

Your quick checklist

  • SPF, DKIM and DMARC configured on your sending domain
  • DMARC at quarantine or reject, not monitor-only
  • MFA on every email account
  • A documented check result kept as evidence
  • Email logs retained for incident investigation

Questions we get asked

Does Cyber Essentials require DMARC?

Not by name. Cyber Essentials requires MFA on all accounts and email filtering. Assessors often raise SPF, DKIM and DMARC as best practice, and the most common actual failure point is MFA. The check covers all three authentication records.

Will this help at cyber insurance renewal?

Yes. Insurers ask specifically about SPF, DKIM, DMARC and MFA. A documented check result showing these in place supports your answers and can help your cover and premium.

A client sent us a security questionnaire. Can this help?

Yes. The plain-English result gives you evidence of your email authentication status to answer supplier assurance and due-diligence questions, without drowning in technical jargon.

Run the free check above for a documented baseline you can share with auditors, insurers and clients.