🛑 Microsoft DMARC Enforcement Is Coming – Are You Ready? 🛑
Starting May 2025, Microsoft will strictly enforce DMARC policies across Outlook and Exchange Online. This isn't just another update—it’s a major move in the war against email spoofing, phishing, and impersonation.

✅ DMARC protects your brand.
✅ Improves email deliverability.
✅ Shuts the door on impersonators.

If your SPF/DKIM/DMARC isn’t configured properly? Your emails might get quarantined or blocked entirely.

Here’s what to do now:
1️⃣ Set up SPF & DKIM – cover all sending services (like Mailchimp, Google, M365)
2️⃣ Publish a DMARC record – start with p=none to monitor
3️⃣ Analyse reports with tools like EasyDMARC or Valimail
4️⃣ Gradually enforce (move from quarantine → reject)
5️⃣ Audit every third-party sender – your CRM, invoicing, and marketing tools

🔍 Doing nothing = broken campaigns, lost trust, compliance headaches.

This isn’t just an IT task. It’s a brand protection move. It’s a compliance step for frameworks like PCI DSS 4.0.1 and ISO 27001.

Let’s make sure your emails hit inboxes—not junk folders. Got questions? Drop them below 👇 or DM me for help getting your domain ready.
🚨 DMARC + PCI DSS 4.0.1 = A Compliance Shift You Can’t Ignore 🚨
Heads up, team! If you’re a merchant, service provider, or anyone handling cardholder data, this update is 🔥.

PCI DSS 4.0.1 is here—and it's not just a patch. It’s a signal. For the first time, DMARC (Domain-based Message Authentication, Reporting & Conformance) has made it into the PCI DSS glossary. That’s not a random footnote—it’s a clue about where compliance is headed:

➡️ Email threats are now a compliance concern, not just a security best practice.

Here’s why this matters:
- Phishing is still the #1 way criminals breach systems.
- PCI DSS 4.0.1 is making it clear: You can’t protect cardholder data if you don’t protect your domain.
- DMARC (plus SPF & DKIM) builds a “proof-of-origin” for your email—so attackers can’t spoof your domain and trick customers or suppliers.

🔐 What to do now: If you haven’t deployed DMARC with enforcement, now’s the time. Start with:
1. SPF/DKIM aligned
2. Monitor-only DMARC
3. Gradually enforce (quarantine > reject)

Let this update be your nudge to take action before auditors make it mandatory.

📥 I’ve broken this down in a quick guide on the blog: 👉 How DMARC Fits Into PCI DSS 4.0.1
❓Question Time
Which type of attack involves tricking users into revealing sensitive information by pretending to be a trusted entity?
❓Question Time
What do you believe is the greatest cyber threat facing small businesses today?
Protect Your Business
skool.com/cybersecurity-2300
I help business owners protect their companies from cyber threats—without the headache of complex security measures or breaking the bank.