Email Security

Email Security and Phishing Protection for UK Businesses

Email is the entry point for the large majority of cyberattacks against UK businesses: the government's Cyber Security Breaches Survey 2025 found phishing involved in 85% of the breaches or attacks that businesses identified. AMVIA provides managed email security, combining anti-phishing filters, DMARC/DKIM/SPF configuration, attachment sandboxing and phishing simulation training, to protect your business from the most common threat vector.

85% of UK businesses that identified a cyber breach or attack reported phishing (DSIT Cyber Security Breaches Survey 2025)
£125,000+ average loss from a successful Business Email Compromise (BEC) attack on a UK business
1,200+ UK businesses protected by AMVIA's managed email security service

Business email is the entry point for the large majority of cyberattacks. Effective email security combines anti-phishing filters, DMARC/DKIM/SPF configuration, malware sandboxing and business email compromise (BEC) detection. AMVIA manages Microsoft Defender for Office 365 and third-party email gateways for 1,200+ UK businesses, reducing email-borne threats by over 99%.

What Is Email Security?

Email security encompasses the technologies and processes that protect your business email from phishing attacks, malware delivery, account compromise, and email spoofing. An effective email security solution combines filtering (blocking malicious emails before they reach the inbox), authentication (verifying that emails claiming to be from your domain are genuine), and awareness training (helping your staff recognise and report suspicious emails). Microsoft 365 includes baseline email filtering, but most businesses need additional controls to protect against sophisticated attacks.

What Our Email Security Service Includes

AMVIA manages all layers of email security for UK businesses — from filtering and authentication to simulated phishing campaigns and user training.

Anti-Phishing and Spam Filtering

Advanced email filtering using machine learning and threat intelligence to block phishing emails, malware-laden attachments, and malicious URLs before they reach your users' inboxes.

DMARC, DKIM, and SPF Configuration

Email authentication protocols that let receiving mail servers verify that messages claiming to come from your domain are genuine, so attackers cannot send mail as your exact domain to suppliers, clients or staff. Note the scope: DMARC stops exact-domain spoofing only; a look-alike domain registered by the attacker passes its own SPF, DKIM and DMARC checks and must be caught by impersonation detection and payment-verification procedures instead. We configure and monitor all three.

Business Email Compromise (BEC) Protection

AI-based detection of impersonation attacks where criminals pose as senior staff or trusted suppliers to authorise fraudulent payments. BEC is the highest-value email threat facing UK SMEs.

Attachment Sandboxing

Suspicious email attachments are detonated in an isolated sandbox environment before being delivered, preventing weaponised documents and executables from reaching your users.

Email Archiving and Continuity

Compliant email archiving for regulatory purposes (FCA, SRA, GDPR), plus email continuity services that keep your inbox accessible even if Microsoft 365 suffers an outage.

Phishing Simulation Training

Regular simulated phishing campaigns test your staff's awareness, with targeted training for users who click. Measurably reduces susceptibility to real phishing attacks over time.

Email Security Checklist

Key email security controls every UK business should have in place.

DMARC policy configured with p=quarantine or p=reject

DKIM signing enabled for your email domain

SPF record published and validated

MFA enforced on all email accounts

Attachment and URL scanning active on inbound email

Staff phishing awareness training completed in the last 12 months

Why Email Security Matters for UK Businesses

Email is the single most important attack surface for the vast majority of UK businesses. The UK Government's Cyber Security Breaches Survey 2025 (DSIT) found phishing to be the most prevalent type of attack, reported by 85% of businesses that identified a breach or attack. Despite this, many businesses rely solely on the default filtering included in Microsoft 365, which, while improved significantly in recent years, is not sufficient to block sophisticated phishing campaigns, business email compromise attacks or targeted spear-phishing.

The financial consequences of email-based attacks are severe. Business Email Compromise (BEC) — where criminals impersonate executives or suppliers to authorise fraudulent payments — costs UK businesses over £125,000 on average per successful attack. Ransomware delivered via email attachments regularly causes days or weeks of operational disruption.

Types of Email-Based Attack

Phishing

Phishing emails impersonate trusted organisations — banks, HMRC, Microsoft, delivery companies — to trick recipients into clicking malicious links or entering credentials on fake websites. Modern phishing campaigns are highly convincing and personalised, often using information scraped from LinkedIn or company websites to add credibility.

Spear-Phishing

A targeted variant of phishing where the attacker researches a specific individual before crafting an email that appears highly credible. Spear-phishing is used against high-value targets — finance directors, senior executives, IT administrators — and is significantly harder to detect than generic phishing.

Business Email Compromise (BEC)

BEC attacks involve an attacker impersonating a senior executive or trusted supplier, either by compromising their actual email account or by registering a look-alike domain, and instructing the target to transfer funds, change payment details or share sensitive information. BEC does not require any malware; it exploits trust rather than technology. Neither variant is stopped by email authentication alone: mail from a compromised mailbox passes SPF, DKIM and DMARC legitimately, and a look-alike domain passes its own. This makes BEC very difficult to filter and very lucrative for attackers, which is why impersonation detection and an out-of-band check before any change to payment details are essential controls.

Malware Delivery via Email

Malicious attachments (PDFs, Office documents, ZIP files) and links to malware downloads are a common delivery mechanism for ransomware and remote access tools. Attackers routinely use password-protected archives, which filters cannot open, and since Microsoft began blocking macros in Office files downloaded from the internet by default in 2022, lures have shifted towards container formats such as ISO, IMG and LNK files and HTML attachments that assemble the payload in the browser. Macro-enabled documents still appear but are no longer the dominant lure.

Email Spoofing

Spoofing involves sending emails whose From address shows a legitimate domain, either your own or a trusted partner's. SMTP itself does not verify the sender address: without SPF, DKIM and an enforcing DMARC policy, any mail server can send a message that displays your company name and email address as the sender, and receiving systems have no basis on which to reject it.

DMARC, DKIM, and SPF: Email Authentication Explained

SPF, DKIM and DMARC are published as DNS TXT records on your domain and tell receiving mail servers how to verify whether an email claiming to be from your domain is genuine. The NCSC's email security and anti-spoofing guidance recommends all three for every UK organisation; they are not one of the Cyber Essentials controls, but together they provide foundational protection against spoofing and impersonation.

SPF (Sender Policy Framework)

An SPF record lists the mail servers authorised to send email for your domain, as IP ranges or as include: references to your providers' own records. When a message arrives, the receiving server looks up the SPF record of the envelope sender domain (the MAIL FROM or Return-Path, which is not always the address shown in the From header) and checks the connecting IP against it; if it is not listed, the message fails SPF. Two practical limits matter: an SPF evaluation may trigger at most 10 DNS lookups, including those inside nested include: records, so domains with many SaaS senders can hit a permanent error that disables SPF entirely; and forwarded mail fails SPF because the forwarder's IP is not yours. Both are reasons DKIM is needed alongside it.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature (the DKIM-Signature header) to outgoing emails so receiving servers can verify the message was sent by an authorised source and that the signed headers and body were not modified in transit. The private key stays with the sending platform; the matching public key is published in DNS at selector._domainkey.yourdomain, so each sending platform gets its own selector and key. DKIM signing should be enabled in Microsoft 365 (two CNAME records for selector1 and selector2, then switched on in the Microsoft Defender portal) and in every other platform that sends as your domain (marketing tools, CRM systems, etc.). Because a DKIM signature survives forwarding where SPF does not, it is the result DMARC most often relies on.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC builds on SPF and DKIM by requiring that at least one of them pass for a domain that aligns with the visible From address, and by defining what happens when neither does. A policy of p=none only monitors; p=quarantine asks receivers to send failing messages to spam; p=reject asks them to refuse delivery. Alignment is the part most often misunderstood: a marketing platform whose mail passes SPF on its own bounce domain still fails DMARC for your domain unless it also signs with DKIM as your domain, so adding its include: to your SPF record does not by itself fix it. The rua= tag names an address that receives daily aggregate XML reports from each receiving provider, giving you visibility of every source sending as your domain and whether it passed. Many businesses discover third-party services sending on their behalf only when they set up DMARC reporting.
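The alignment rule is where most DMARC deployments go wrong, so here is an added worked example (not AMVIA's code or tooling, and not part of the original page) that lints an SPF record for the lookup limit and the all qualifier, parses a DMARC record with its defaults, and applies the policy to a few senders. The domain names, DNS records and senders are constructed for illustration; the organisational-domain logic is a simplified stand-in for the Public Suffix List that real receivers use, and the SPF lookup count covers only the top-level record because the code runs offline.

```python
"""SPF record lint and DMARC disposition logic (illustrative example, constructed data)."""

# Constructed DNS records for a hypothetical domain; not taken from live DNS.
EXAMPLE_RECORDS = {
    "example.co.uk": "v=spf1 include:spf.protection.outlook.com include:_spf.example-crm.net -all",
    "_dmarc.example.co.uk": "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.co.uk; adkim=r; aspf=r",
}

# Terms that cost a DNS lookup; RFC 7208 section 4.6.4 caps the total at 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Simplified stand-in for the Public Suffix List, enough for common UK domains.
UK_TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "nhs.uk", "ltd.uk", "plc.uk", "me.uk"}


def parse_spf(record):
    """Return (terms, lookup_count, warnings). Only the top-level record is counted;
    a live check must also recurse into every include:/redirect= target."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = parts[1:]
    lookups = 0
    warnings = []
    for term in terms:
        # Strip the qualifier (+ - ~ ?) and any :domain, =value or /cidr suffix to get the name.
        name = term.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        warnings.append(f"{lookups} lookup terms: receivers return permerror above 10")
    last = terms[-1].lower() if terms else ""
    if last in ("all", "+all"):
        warnings.append("'+all' authorises any IP: SPF is effectively disabled")
    elif last == "?all":
        warnings.append("'?all' is neutral: unauthorised senders do not fail SPF")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        warnings.append("record does not end in -all or ~all: unlisted senders are not failed")
    return terms, lookups, warnings


def parse_dmarc(record):
    """Return DMARC tags as a dict with the RFC 7489 defaults filled in."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record (needs v=DMARC1 and p=)")
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")      # relaxed SPF alignment unless aspf=s
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Organisational domain for relaxed alignment (simplified; receivers use the Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in UK_TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict alignment needs an exact match; relaxed needs the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(tags, record_domain, from_domain, spf_pass_domain=None, dkim_pass_domains=()):
    """Apply a DMARC policy to one message and return ('pass', 'none') or ('fail', policy).

    from_domain: domain of the visible RFC5322.From header.
    spf_pass_domain: MAIL FROM domain if SPF passed for it, else None.
    dkim_pass_domains: d= values of the DKIM signatures that verified.
    record_domain: where the DMARC record was found; sp= applies when the From
    domain is a subdomain that has no record of its own.
    """
    spf_ok = spf_pass_domain is not None and aligned(spf_pass_domain, from_domain, tags["aspf"])
    dkim_ok = any(aligned(d, from_domain, tags["adkim"]) for d in dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = tags["p"] if from_domain.lower() == record_domain.lower() else tags["sp"]
    return "fail", policy


def demo():
    """Five constructed senders evaluated against the example.co.uk policy."""
    tags = parse_dmarc(EXAMPLE_RECORDS["_dmarc.example.co.uk"])
    rd, fd = "example.co.uk", "example.co.uk"
    return {
        # Microsoft 365 with DKIM enabled: SPF and DKIM both pass on the domain itself.
        "m365": dmarc_disposition(tags, rd, fd, "example.co.uk", ["example.co.uk"]),
        # CRM sending with its own bounce domain and its own DKIM d=. Both "pass",
        # but neither aligns, so the include: in our SPF record does not help.
        "unaligned_saas": dmarc_disposition(tags, rd, fd, "bounce.example-crm.net", ["example-crm.net"]),
        # Same CRM once it is configured to DKIM-sign as our domain: now aligned.
        "fixed_saas": dmarc_disposition(tags, rd, fd, "bounce.example-crm.net", ["example.co.uk"]),
        # Spoofed From header from an attacker's server: nothing passes, p=quarantine applies.
        "spoof": dmarc_disposition(tags, rd, fd, None, []),
        # Unauthenticated mail as a subdomain with no record of its own: sp= (defaulting to p) applies.
        "subdomain": dmarc_disposition(tags, rd, "hr.example.co.uk", None, []),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} -> {result}")
    print(parse_spf(EXAMPLE_RECORDS["example.co.uk"]))
```

The unaligned_saas case is the one to show a supplier who insists their platform "passes SPF": it does, for their domain, and that is exactly why it fails DMARC for yours.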

Configuring DMARC correctly requires expertise: jumping straight to p=reject before reviewing the reports will block legitimate email from any sender you had forgotten about. AMVIA deploys DMARC at p=none first, reviews the aggregate reports, brings each legitimate source into alignment (adding it to SPF or, preferably, having it DKIM-sign as your domain), and then moves to p=quarantine and finally p=reject, using the pct= tag to step up enforcement gradually.
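Reviewing the reports is the step in that rollout that tends to get skipped, so this is an added example (again not the page's or AMVIA's own tooling) of summarising a DMARC aggregate report in the RFC 7489 XML format. It separates sources that are fully authenticated, third parties whose mail authenticates but does not align with your domain (the ones to fix before enforcing), and sources with no valid authentication at all (spoofing or unknown senders). The report, IP addresses and domains are constructed; the loader also accepts the gzip and zip forms in which receivers actually send reports, and the 98% readiness threshold is an illustrative assumption rather than a standard.

```python
"""Summarise a DMARC aggregate (rua) report (illustrative example, constructed data)."""
import gzip
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report in the RFC 7489 Appendix C format; not a real receiver's data.
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <email>noreply-dmarc@receiver.example</email>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1735689600</begin><end>1735775999</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.co.uk</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><sp>none</sp><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>1240</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.co.uk</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.co.uk</domain><selector>selector1</selector><result>pass</result></dkim>
      <spf><domain>example.co.uk</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.25</source_ip><count>310</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.co.uk</header_from></identifiers>
    <auth_results>
      <dkim><domain>example-crm.net</domain><selector>k1</selector><result>pass</result></dkim>
      <spf><domain>bounce.example-crm.net</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.77</source_ip><count>45</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.co.uk</header_from></identifiers>
    <auth_results>
      <spf><domain>example.co.uk</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def load_report(blob):
    """Accept raw XML, gzip or zip bytes, since reports arrive as attachments in any of these."""
    if blob[:2] == b"\x1f\x8b":
        blob = gzip.decompress(blob)
    elif blob[:2] == b"PK":
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            blob = zf.read(zf.namelist()[0])
    # Reports come from third parties: in production parse them with defusedxml to resist
    # entity-expansion attacks. The standard library parser is used here to stay dependency-free.
    return ET.fromstring(blob)


def classify(record):
    """policy_evaluated holds the aligned results; auth_results holds the raw SPF/DKIM outcomes."""
    evaluated = record.find("row/policy_evaluated")
    if evaluated.findtext("dkim") == "pass" or evaluated.findtext("spf") == "pass":
        return "authenticated"
    raw = record.findall("auth_results/dkim") + record.findall("auth_results/spf")
    if any(r.findtext("result") == "pass" for r in raw):
        return "unaligned-third-party"   # authenticates, but for some other domain
    return "unauthenticated"             # spoofing, or a sender nobody has configured


def summarise(blob):
    """Return the published policy, message totals per class, and sources sorted by volume."""
    root = load_report(blob)
    totals = defaultdict(int)
    sources = []
    for rec in root.findall("record"):
        count = int(rec.findtext("row/count"))
        kind = classify(rec)
        totals[kind] += count
        raw = rec.findall("auth_results/dkim") + rec.findall("auth_results/spf")
        sources.append({
            "ip": rec.findtext("row/source_ip"),
            "count": count,
            "kind": kind,
            "auth_domains": sorted({r.findtext("domain") for r in raw}),
        })
    sources.sort(key=lambda s: s["count"], reverse=True)
    return {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "totals": dict(totals),
        "sources": sources,
    }


def ready_for_enforcement(summary, min_authenticated_share=0.98):
    """Monitoring-to-enforcement check: no legitimate-looking source is still unaligned, and
    the authenticated share is high enough that what remains is plausibly spoofing."""
    total = sum(summary["totals"].values())
    if total == 0 or summary["totals"].get("unaligned-third-party", 0):
        return False
    return summary["totals"].get("authenticated", 0) / total >= min_authenticated_share


if __name__ == "__main__":
    report = summarise(SAMPLE_REPORT)
    print(report["domain"], "p=" + report["policy"], report["totals"])
    for src in report["sources"]:
        print(f'{src["ip"]:16} {src["count"]:6} {src["kind"]:23} {src["auth_domains"]}')
    print("ready for enforcement:", ready_for_enforcement(report))
```

In the sample, 198.51.100.25 is the CRM from the earlier alignment discussion: its mail is signed and SPF-clean for its own domain, so it shows up as unaligned rather than malicious, and it is the reason the check reports the domain as not yet ready for p=quarantine.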

Microsoft 365 Email Security vs Third-Party Gateways

Microsoft 365 includes Microsoft Defender for Office 365 with certain licence tiers. Business Premium includes Defender for Office 365 Plan 1, and that built-in protection is genuinely effective: Safe Links, Safe Attachments and anti-phishing policies with user and domain impersonation protection. Attack simulation training, Threat Explorer and automated investigation and response require Plan 2, which is available as an add-on or with Microsoft 365 E5.

However, configuring Defender for Office 365 correctly requires expertise. The default policies are not the most secure available: Microsoft ships Standard and Strict preset security policies that are tighter than the defaults but protect only the users you assign them to, and settings such as Safe Attachments for SharePoint, OneDrive and Teams are off until someone turns them on. AMVIA audits and tunes the Defender configuration as part of our M365 security service.

For businesses on Business Basic or Business Standard, which include only Exchange Online Protection (core anti-spam and anti-malware, with no Safe Links or Safe Attachments), the built-in protection is less comprehensive. The options are to add Defender for Office 365 Plan 1 as a licence add-on, or to place a third-party secure email gateway such as Mimecast or Proofpoint Essentials in front of Exchange Online, which improves filtering accuracy and adds attachment sandboxing, email archiving and continuity services. If you use a gateway, Exchange Online must also be locked down so that inbound mail is accepted only from the gateway's IP ranges; otherwise attackers can bypass the gateway entirely by delivering straight to your tenant's Microsoft mail servers.

Phishing Simulation Training

Technology can block most phishing attempts, but staff will always be the last line of defence against sophisticated attacks that evade filters. Phishing simulation training involves sending your staff realistic (but fake) phishing emails, measuring how many click, and providing targeted training to those who do.

Research consistently shows that regular simulation training reduces staff susceptibility to phishing by 50–80% over 12 months. AMVIA runs quarterly simulation campaigns and provides a dashboard showing click rates by department, enabling managers to identify training needs.

Email Security for Regulated Businesses

Financial services firms (FCA-regulated), law firms (SRA-regulated), and healthcare organisations have specific email retention and archiving requirements. AMVIA's email security service includes compliant archiving with tamper-proof storage, e-discovery capability, and defined retention policies aligned to regulatory requirements.


Ready to Secure Your Business Email?

Get a free email security assessment — we will check your DMARC configuration, review your filtering policies, and identify gaps in your protection.

Trusted by 1,200+ UK Businesses
Cyber Essentials Plus
ISO 27001
Microsoft Gold Partner