
dmarcian Talks Email Security and Brand Protection at eComm Live
Recently our Europe, the Middle East and Africa (EMEA) team attended the #eCommLive event in Belfast. At first glance, an eCommerce event might not seem like the obvious place to talk about email and cyber security. So, why was dmarcian at an eCommerce event discussing DMARC and email impersonation?
Retailers and e-commerce leaders are focused on building their brand and protecting it from cyber-attacks. Protecting brand trust and securing customer communications starts with stopping fake emails. It is therefore important for us to show up at the events these leaders attend.
Recent Retail Cyber Incidents: M&S, Co-op and the Growing Risk
Retail businesses across the UK and Ireland have faced a wave of cyberattacks in the past two years. As #eCommLive was taking place in Belfast, Ireland, some of the conversation steered towards how major high-street names like Marks & Spencer (M&S) and the Co-op Group were actively dealing with serious ongoing cyber incidents.
M&S had to suspend all online orders in the UK and Ireland for days as its security teams grappled with a ransomware-style attack, and even some physical stores saw empty shelves and product shortages during the crisis.
The Co-op, meanwhile, shut down parts of its IT systems after detecting an attempted breach, disrupting back-office and call centre operations. These back-to-back incidents underscore that no retailer, whether e-commerce or brick-and-mortar, is immune.
- Retail is among the top industries targeted by cybercriminals today
- UK retailers lost £11.3 billion to fraud in 2023. This substantial loss highlights the financial impact of fraudulent activities on the retail industry.
- The retail sector experiences more data breaches than any other industry, making it a prime target for cyberattacks.
Beginning May 5, Microsoft began rejecting emails that don’t meet their new DMARC requirements. Learn how to meet their mandate.
The Hidden Cost of Email Impersonation: Brand Trust and Loyalty
Cyberattacks don’t just cause immediate disruption and financial loss—they have a profound long-term impact on consumer trust in a brand. The recent M&S attack demonstrates how quickly the fallout can escalate.
Within a week of the cyberattack, over £700 million was wiped off M&S’s market value as investors and customers reacted to the damage. Even once systems are restored, a shadow of doubt can linger in consumers’ minds about the brand’s security. Additionally, bad actors often follow up after a breach event with phishing emails trying to impersonate a brand further.
- 91% of cyberattacks begin with a phishing email.
- 56% of retail customers say they are “not likely at all” to trust a company that had experienced a data breach with their personal information.
- While immediate financial loss from a cyberattack can be highly impactful, the negative effect on brand reputation thereafter can be devastatingly long-term.
Security teams in many companies maintain a risk register and are often able to forecast cyberattack events before they occur. Retail brands must therefore treat cybersecurity as fundamental to customer experience and brand value, not just an IT issue.
What is DMARC and why do retailers need it now?
Given the prominent role of phishing and email scams in retail cyber incidents, email security is critical for protecting brand trust. One powerful tool is DMARC (Domain-based Message Authentication, Reporting & Conformance), a policy-based email control protocol that helps ensure only legitimate emails from your domain reach customer inboxes while blocking spoofed messages. DMARC works in three policy stages, each offering increasing levels of protection:
- None – Monitors email traffic but takes no action
- Quarantine – Flags suspicious emails and sends them to spam
- Reject – Blocks fake emails completely from reaching inboxes
While having a DMARC record in itself is valuable, it’s important to note that none only allows for monitoring—it doesn’t protect. Moving toward reject is key to fully defending against impersonation. It is also important to apply DMARC policies across all your domains, including subdomains.
Common DMARC Mistakes Leave Retail Domains Exposed
The following misconfigurations can limit DMARC’s effectiveness:
- Leaving a domain at p=none effectively monitors 100% of traffic without taking any enforcement action, leaving the domain vulnerable.
- Sending both aggregate (RUA) and forensic (RUF) reports to the same mailbox. While it may seem convenient, it’s not ideal. Forensic reports can contain sensitive information and separating them from aggregate reports helps align with privacy best practices.
- A common configuration like:
  v=DMARC1; p=none; sp=reject; rua=mailto:[email protected];
  protects subdomains but not the primary domain. This can leave the main brand exposed if it’s targeted.
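The three misconfigurations listed above can be checked mechanically once a domain's DMARC TXT record has been retrieved. The Python linter below is an added example, not dmarcian's code or tooling; the function names and the example.com sample records are constructed for illustration.

```python
# Added example: lint a DMARC TXT record for the three mistakes listed above.
# Function names and the example.com sample records are constructed.

def parse_dmarc(record):
    """Split a DMARC TXT record into a dict of lowercase tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 must be the first tag")
    return tags

def mailboxes(value):
    """Return mailto: addresses from a rua/ruf value, without '!size' suffixes."""
    found = set()
    for uri in value.split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:"):
            found.add(uri[7:].split("!")[0].lower())  # lowercased for comparison
    return found

def lint_dmarc(record):
    """Return a list of findings; an empty list means none of the three apply."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    sub_policy = tags.get("sp", policy).lower()  # sp falls back to p when absent
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, no enforcement on the domain")
        if sub_policy in ("quarantine", "reject"):
            findings.append(f"sp={sub_policy} with p=none: subdomains are "
                            "enforced but the primary domain is not")
    shared = mailboxes(tags.get("rua", "")) & mailboxes(tags.get("ruf", ""))
    if shared:
        findings.append("rua and ruf share a mailbox: " + ", ".join(sorted(shared)))
    return findings

SAMPLES = {  # constructed records
    "subdomain_only": "v=DMARC1; p=none; sp=reject; rua=mailto:dmarc@example.com;",
    "shared_box": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:DMARC@example.com!10m",
    "enforced": "v=DMARC1; p=reject; rua=mailto:agg@example.com; ruf=mailto:forensic@example.com",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, "->", lint_dmarc(record) or "no findings")
```
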
DMARC Strengthens Customer Trust and Email Deliverability
In early 2024, Google and Yahoo began enforcing email authentication rules for high-volume senders. Microsoft followed suit in May 2025. If you’re sending newsletters, promotions, or order updates to thousands of customers, you must now pass SPF, DKIM, and DMARC checks to avoid deliverability issues.
For retail executives, it is important to be aware that in today’s digital environment, securing your email is securing your brand. A small investment in policies like DMARC can deliver long-term gains in customer loyalty and business resilience.
It was refreshing to mix things up from the usual tech conference circuit! We were delighted to speak with so many founders at eComm Live who had real concerns around protecting their brand reputation and were eager to achieve this with DMARC. The retail industry is evolving faster than ever, especially in the age of AI, and companies in this sector are rapidly moving to improve their cybersecurity practices in this new era of online commerce.
—dmarcian EMEA Account Manager Jamie Murphy
Implementing DMARC isn’t just about security—it’s now fundamental to email deliverability. Without it, your marketing emails risk being filtered or blocked entirely, reducing campaign performance. With DMARC in place, you improve inbox placement, protect your brand, and maximize the ROI of every email you send.
A simple next step for retail executives
Use dmarcian’s free DMARC Domain Checker to see if your domain is protected. It’s a fast, easy way to identify exposure to email impersonation and take the first step toward securing your brand. Have questions or need help getting started?
We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
Want to continue the conversation? Head over to the dmarcian Forum.