Skip to main content
European Postal Sector: Email Security and DMARC Landscape

European Postal Sector: Email Security and DMARC Landscape

April 2, 2026
Ecosystem NewsSecurity Insights

European postal operators no longer deliver just envelopes or parcels. Today, they are becoming large, complex digital hubs that provide citizens with free email accounts alongside financial services (such as banking and insurance) and digital identity services. 

Considering the sharp rise in email-based attacks in Europe, many operators are now focusing on email authentication and educating citizens about the importance of recognising malicious patterns. However, others show the need to take further steps to reach a secure level for everyone.

Beyond Parcels

Several postal operators offer a suite of services to EU citizens in various countries, some of which are highlighted below: 

  • Poste Italiane (Italy): Banking, life insurance, digital identity services and mobile telecom network.
  • La Poste (France): Banking, insurance and mobile telecom network.
  • CTT (Portugal): Banking and national payment services.
  • Poczta Polska (Poland): Banking and insurance.
  • Pošta Slovenije (Slovenia): Banking and digital identity services.

DMARC Status of European Postal Providers

The table below outlines the current DMARC status of major European postal providers, focusing on both the corporate domains and the public domains they offer to citizens. 

The data above reveals a diverse pattern in how European postal providers manage email security, which broadly reflects the state of DMARC adoption in these providers’ respective countries. 

The European Commission’s Email communication security standards document shows that Italy has a DMARC strict policy support rate of 25%, and Slovenia has a 30% support rate. 

In France, La Poste is beginning to set a regional standard. In line with global standards set by providers like Google and Yahoo, laposte.net rolled out DMARC enforcement for its users in September 2025. 

In Italy, Poste Italiane shows a gap in its enforcement of email security. Despite its significant footprint in Italian banking and insurance, its corporate domain (poste.it) has a DMARC policy set to p=none, and its certified digital mailbox domain (postecertifica.it) lacks a DMARC record.

This reflects the broader landscape of DMARC adoption in Italy, where only a quarter of Italian domains adopt a strict policy. 

Italy’s National Cybersecurity Agency (ACN) recently published its Email Authentication Framework, recommending implementing SPF, DKIM and DMARC to prevent attackers from impersonating domains and sending fraudulent communications. 

Le grandi organizzazioni stanno implementando DMARC per garantire la fiducia nel loro traffico email. È arrivato il momento di vedere anche in Italia lo stesso impegno, E noi siamo qui per aiutarvi.

—Matia Boldrini, EMEA Professional Services Specialist

What it means for users

For citizens and business organisations, the inconsistent application of email authentication standards, such as DMARC, across European postal operators creates a fragmented landscape of trust.

  • Users: citizens in countries like Italy and Slovenia are vulnerable to targeted phishing campaigns, as attackers can easily spoof postal domains to extract financial information or banking credentials.
  • Senders: business organisations sending mail to European citizens need to authenticate their domains. Providers like laposte.net actively block unauthenticated traffic, so poor DMARC implementation may affect regional deliverability.

Future Outlook

Europe is seeing a decreasing tolerance for unauthenticated email. As cyber threats become more prominent and sophisticated, regulations such as the EU’s NIS2 are prompting organisations to adopt a more proactive security posture. 

Providers currently implementing DMARC p=none policies will need to progressively consider moving to policies such as p=quarantine or p=reject. Organisations communicating within the European market should proactively implement email authentication protocols such as SPF, DKIM and DMARC to ensure their messages are trusted, delivered properly, and protected against threats. 

We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.

Get started with our 30-day trial

Want to continue the conversation? Head over to the dmarcian Forum.

DMARCDMARC benefitsEMEA

Related Posts