Domain-based Message Authentication, Reporting, and Conformance (DMARC) is becoming non-negotiable for South African businesses as major global email providers move to tighten authentication requirements.

This is according to Jones Mayekiso, technical solutions engineer at IPT, Who local organisations to act now to protect email deliverability, prevent domain spoofing, and strengthen customer trust.

“DMARC is the ultimate digital bouncer. It builds on SPF and DKIM to give organisations full control over how failed emails are handled, whether to deliver, quarantine, or reject them.”

Email service giants have already moved from recommendations to enforcement. Google and Yahoo began requiring DMARC for bulk senders in February last year, defining bulk senders as anyone sending more than 5 000 emails per day. Microsoft followed suit on 5 May this year with Outlook now actively filtering non-compliant emails into Junk folders, with full rejection expected to follow as enforcement ramps up.

The consequences of ignoring DMARC are becoming severe. Unauthenticated emails may land in spam or be blocked entirely. This puts vital customer communications and marketing at risk. Default denial of delivery may damage brand reputation and hinder trust.

Beyond meeting policy, authenticated domains enjoy better email deliverability and inbox placement. Providers like Gmail, Yahoo, and Outlook actively reward domains with proper SPF, DKIM, and DMARC setups.

“Simply enabling DMARC is no longer enough. Businesses must move beyond basic monitoring and start actively blocking unauthenticated emails to fully comply with the new rules,” says Mayekiso.

DMARC also guards against domain hijacking and business email compromise (BEC), critical for local enterprises and regulators. IPT’s blog emphasises how this architecture supports both security and compliance for heavily regulated industries in South Africa.

IPT supports organisations through the DMARC journey.