How dmarcian Supports DMARC Adoption across EMEA
Email remains the primary communications channel for organisations across Europe, the Middle East and Africa (EMEA). Despite this, it continues to be one of the most commonly exploited attack vectors. Spoofing, phishing and impersonation attacks continue to increase and we are even reading of zero day AI attacks, such as EchoLeak AI, that enable the theft of sensitive data via Microsoft 365 Copilot beginning with an attacker sending an email.
What is DMARC?
Domain-based Message Authentication Reporting and Conformance (DMARC) is a free and open technical specification that is used to authenticate an email by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners can fight business email compromise, phishing and spoofing. Co-authored by dmarcian’s founder, DMARC was first published in 2012.
Growing demand for DMARC adoption in Europe
As DMARC adoption accelerates across EMEA, organisations are increasingly implementing and managing DMARC to strengthen their email security posture. Over the past few years, we’ve had the opportunity to work with organisations across Europe as they strengthen their email authentication and protect their domains from spoofing and phishing.
One consistent pattern we see is that organisations are often surprised by how many third-party services are sending email on their behalf. DMARC provides the visibility needed to identify and manage these sources safely.
dmarcian’s European Team and Regional Expertise
Our presence in EMEA has grown steadily with a dedicated team based in the region working closely with customers, partners and the wider community as DMARC adoption continues to accelerate. With our mission of “DMARC for all” combined with expert regional support and an EMEA-hosted platform, we can help an organisation’s visibility, achieve compliance and strengthen their email security posture—quickly and confidently.
dmarcian’s DMARC Management Platform provides a measurable and enforceable way to ensure only authorised email sources can send on behalf of a domain.
Specialized Support in Local Time Zones
We work with a wide range of organisations, including enterprises, public sector bodies, universities and managed service providers responsible for protecting large numbers of domains. In these environments, clarity, flexibility and long-term independence are critical. Having a team based in Europe (specifically in Ireland) also means that customers and partners can work directly with us in real time in their own time zone and are able to speak with people who understand their environment and can support when needed.
Our Partnerships with Ireland’s Cybersecurity and Academic Community
Ireland plays an important role in the European technology ecosystem, serving as a base for many global technology providers and supporting a strong and growing cybersecurity community. Over the last few years, we have had the opportunity to engage with organisations and industry bodies across the region, including academic institutions such as Dublin City University and participating in initiatives through organisations like Cyber Ireland. We also engage beyond traditional cybersecurity and tech conferences. These engagements help raise awareness of DMARC not just as a security measure, but as a fundamental part of operating a trusted domain which is key to minimising reputational and regulatory risk.
Looking ahead, we see an important opportunity to continue this work by supporting wider adoption of DMARC across the region and collaborating with advocacy groups, industry bodies and decision makers. Consistent adoption of strong authentication standards benefits not only individual organisations, but the resilience of the wider ecosystem.
GDPR & NIS2 Regulatory Compliance
We are seeing increased urgency across Europe as organisations prepare for regulatory frameworks like GDPR, PCI DSS, NIS2, and DORA, which demand advanced email protections and local data residency. Historically, adoption has often been slowed by the complexity of email ecosystems and the number of services sending on behalf of a domain.
| Framework | Who this Impacts | Objective | How DMARC(ian) helps |
| GDPR | Organizations that process EU personal data. | “Appropriate technical and organisational measures” required to protect data. Phishing breaches may constitute a violation. | DMARC helps prevent domain spoofing and email phishing, reducing breach risk and supports “Security of Processing” obligations. |
| DORA (Digital Operational Resilience Act) | Financial sector regulation in force since January 2025. | Safeguards are required to mitigate information and communications technology (ICT) disruption and threats. | DMARC helps achieve the DORA objectives by ensuring a robust cybersecurity posture, including protecting domains from phishing and spoofing. |
| NIS2 Directive | Mandatory for critical sectors in the EU. | Obligates “essential and important entities” to implement cybersecurity risk management, including email authentication and incident reporting. | DMARC contributes to incident prevention and detection by preventing domain spoofing, strengthening email authentication and reducing phishing. |
| PCI DSS v4.0 | Organizations processing and supporting payment cards. | PCI recommends DMARC, SPF and DKIM in section 5.4.1. | DMARC aligns with PCI DSS v4.0 by preventing domain spoofing and phishing and supporting secure data transmission. |
Looking Ahead
As expectations around email security continue to increase, organisations are looking for trusted partners in the region who can provide clarity and long-term support. We are continuing to work with organisations across the EMEA region as adoption grows, and we are encouraged by the progress being made.
If you’re interested in learning more about DMARC adoption across EMEA, or would like to connect, feel free to contact us at [email protected]. We would be happy to hear from you.
You can also explore some of our recent DMARC perspectives and observations from across the region:
- The Year of Email Security: Germany’s Focus on DMARC
- The State of DMARC in Switzerland
- Spear Phishing in Europe: Why DMARC Matters
- NCSC DMARC Changes: Mail Check Alternatives for UK Organisations
As DMARC adoption continues to grow, it is encouraging to see organisations across the region taking practical steps to strengthen trust in email as part of their broader security posture.
Want to continue the conversation? Head over to the dmarcian Forum.
