MVT Systems — Managed IT, Microsoft 365 & Cybersecurity South Africa
All insights
Email securityExplainer

What SPF, DKIM and DMARC Mean for South African Businesses

Three small DNS records decide whether the world trusts email from your domain. Here is what they do — in business language.

What SPF, DKIM and DMARC Mean for South African Businesses — MVT Systems article illustration

Email was designed in an era when nobody lied about who they were. SPF, DKIM and DMARC are the layers added to fix that. Get them right and attackers can't convincingly spoof your domain — and your legitimate email lands in the inbox, not the junk folder.

SPF — Sender Policy Framework

SPF is a list, published in DNS, of the servers allowed to send mail for your domain. If a message arrives from a server not on the list, receivers can mark or reject it.

Why it matters

  • Stops the simplest form of domain spoofing.
  • Required for DMARC to work.
  • Easy to break — every new SaaS that sends on your behalf needs to be added.

DKIM — DomainKeys Identified Mail

DKIM cryptographically signs every outbound message. The receiver looks up your public key in DNS and verifies the signature.

Why it matters

  • Proves the message hasn't been tampered with.
  • Survives forwarding, where SPF often breaks.
  • Required by major mailbox providers for trusted delivery.

DMARC — Domain-based Message Authentication, Reporting & Conformance

DMARC ties SPF and DKIM together. It tells receivers what to do if either check fails — do nothing, quarantine, or reject — and reports back to you on what's happening.

Why it matters

  • Lets you actually enforce a no-spoofing policy.
  • Reports reveal unauthorised senders abusing your domain.
  • Mailbox providers like Microsoft, Google and Yahoo are increasingly requiring it.

What “rolling out DMARC” really means

Most businesses publish a permissive DMARC record and never reach enforcement. We move clients through a structured path:

  • Inventory every legitimate sender (Microsoft 365, CRM, newsletter, payroll, etc.).
  • Authenticate each one with proper SPF and DKIM.
  • Monitor DMARC reports until the picture is clean.
  • Enforce p=reject, with confidence.

Why this matters in South Africa

Local SMEs are routinely impersonated for invoice fraud and CEO impersonation. Enforced DMARC removes the easiest version of that attack and protects your brand and your customers in one move.

Our cybersecurity team handles SPF, DKIM and DMARC end-to-end, including continuous monitoring and enforcement for higher-volume domains.

Talk to MVT about email authentication →

Let's talk

Your business future-proofing partner.

Tell us what you're building. We'll bring the strategy, the platforms and the people to make it happen.

Email us
info@mvt-systems.co.za
Call support
+27 10 006 5530
WhatsApp support
+27 10 006 5530
Contact us / Book a security review

Tell us about your business

We'll get back to you within one business day.

By submitting this form you agree to MVT Systems contacting you about your enquiry. We handle your information in line with our privacy policy.