Stop business email compromise: 5 controls that work
Elena Greco
22 Nov 2024
Practical controls to block business email compromise, from DMARC to role-based approvals.
Authenticate and align your domain
Start with SPF, DKIM, and DMARC, and move DMARC to an enforcement policy. DMARC's alignment check ties the From: domain the recipient sees to the domain that SPF or DKIM actually authenticated, so exact-domain spoofing of your primary domains fails and the aggregate reports show who is sending on your behalf. Alignment does nothing against lookalike domains or display-name tricks; those need the detection controls in the next section.
- Publish SPF listing only the senders you trust, end it with -all, and keep it within the 10-DNS-lookup limit (include, a, mx, ptr, exists and redirect each count, ip4/ip6 do not).
- Sign outbound mail with DKIM using 2048-bit keys and rotate them every 6-12 months.
- Set DMARC to p=reject once the aggregate (rua) reports have been clean for 30 days; step through p=quarantine and pct= if you need a gentler rollout.
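The alignment rule above, as an added example that is not part of the original post and not any vendor's code: a small Python script that counts the lookup-causing terms in an SPF record, parses a DMARC record, and decides DMARC pass or fail for a message from its From: domain and its SPF and DKIM results, under the strict or relaxed alignment mode the record requests. The DNS records, domains and message identifiers are constructed for illustration; the organizational-domain helper uses a two-label guess rather than the Public Suffix List.

```python
import re

# Constructed sample records, standing in for DNS TXT lookups (no network access).
SAMPLE_DNS = {
    "example.com": "v=spf1 include:_spf.google.com include:sendgrid.net mx -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=r",
}

# Terms that cost a DNS lookup under RFC 7208 s4.6.4 (limit 10); ip4/ip6/all do not.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=/]|$)", re.I)


def spf_lookup_terms(record):
    """Return the top-level SPF terms that trigger a DNS lookup (includes are not expanded)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return [t for t in terms[1:] if LOOKUP_TERM.match(t)]


def spf_lookup_count_ok(record, limit=10):
    """True when the top-level record alone stays within the lookup limit."""
    return len(spf_lookup_terms(record)) <= limit


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=...; ...' into a dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    """Organizational domain as a two-label guess; real code should use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if not auth_domain:
        return False
    if mode.lower() == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(from_domain, spf_domain, spf_result, dkim_domain, dkim_result, tags):
    """Return (passed, disposition). spf_domain is the MAIL FROM domain, dkim_domain the d= tag.

    A message passes DMARC if at least one aligned authenticator passed; otherwise the
    policy in p= applies. Forwarding usually breaks SPF, so an aligned DKIM pass is what survives.
    """
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return True, "none"
    return False, tags.get("p", "none")


if __name__ == "__main__":
    policy = parse_dmarc(SAMPLE_DNS["_dmarc.example.com"])
    print("SPF lookup terms:", spf_lookup_terms(SAMPLE_DNS["example.com"]))
    # Direct send from your own bounce domain: SPF passes and aligns under relaxed aspf.
    print(dmarc_evaluate("example.com", "bounce.example.com", "pass", None, "none", policy))
    # Exact-domain spoof: the attacker's own SPF passes but is not aligned, and there is no DKIM.
    print(dmarc_evaluate("example.com", "attacker.net", "pass", None, "none", policy))
    # Forwarded mail: SPF breaks, an aligned DKIM signature still carries the pass.
    print(dmarc_evaluate("example.com", "forwarder.org", "fail", "example.com", "pass", policy))
```

The last case is why adkim=s is worth thinking about before you switch it on: with strict DKIM alignment, a signature from a subdomain such as mail.example.com no longer rescues a forwarded message, so mail signed by a subdomain and then forwarded gets the p= disposition.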
Detect impersonation in real time
Layer brand-impersonation detection and display-name checks on top of authentication, because DMARC only protects domains you control. Use anomaly detection to flag vendor lookalike domains and sudden changes in bank details.
- Enable executive and supplier impersonation policies.
- Keep rewriting links and scanning attachments for credential-phishing lures, but a payload-free BEC message (a plain-text request with no link or attachment) passes both; it has to be caught on sender, content and context signals.
- Alert finance and HR when an email asks to change bank details or payment terms.
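The checks listed above, as an added example that is not part of the original post and not SpamGuard's or any vendor's code: a Python routine that runs four BEC signals over a parsed message, namely a protected executive's display name on an outside address, a sender domain that imitates an approved supplier (homoglyph folding plus edit distance), a Reply-To that diverges from the From domain, and a request to change bank or payment details that should page finance. The organization, executive names, vendor list and sample messages are all constructed; the edit-distance threshold is a tunable and is noisy on very short domains.

```python
import re
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                                        # constructed protected org
PROTECTED_PEOPLE = {"maria chen", "david okafor"}                  # constructed executive policy list
KNOWN_VENDORS = {"acme-supply.com", "northwind-logistics.com"}     # constructed supplier allow-list

# Characters attackers swap in because they look alike in a mail client.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# A change-of-details request: "new/updated/changed" near a payment noun, in either order.
PAYMENT_NOUN = r"(?:bank|account|iban|routing|wire|payment|remittance)"
CHANGE_WORD = r"(?:new|updated?|changed?)"
PAYMENT_CHANGE = re.compile(
    rf"\b{CHANGE_WORD}\b.{{0,40}}\b{PAYMENT_NOUN}\b|\b{PAYMENT_NOUN}\b.{{0,40}}\b{CHANGE_WORD}\b",
    re.I | re.S,
)


def domain_of(address):
    """Domain part of an address, lowercased; empty if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def normalize_domain(domain):
    """Fold common homoglyph tricks so 'acme-supp1y.com' compares equal to 'acme-supply.com'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Edit distance; catches typo-squats that the homoglyph fold does not cover."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, known):
    """Return the known domain this one imitates, or None. An exact match is not a lookalike.
    Threshold 2 suits long vendor domains; shorten it for short ones to avoid false positives."""
    domain = domain.lower()
    if not domain or domain in known:
        return None
    folded = normalize_domain(domain)
    for k in sorted(known):
        if folded == normalize_domain(k) or levenshtein(folded, normalize_domain(k)) <= 2:
            return k
    return None


def analyze(msg):
    """Run the impersonation and payment-change checks over one message.

    msg is a dict with 'from', 'subject', 'body' and optionally 'reply_to'.
    Returns a list of (finding, detail) tuples in a fixed order."""
    findings = []
    display_name, address = parseaddr(msg["from"])
    from_domain = domain_of(address)

    # 1. A protected person's display name on an address outside our domain.
    if display_name.strip().lower() in PROTECTED_PEOPLE and from_domain != OUR_DOMAIN:
        findings.append(("executive_impersonation", f"{display_name!r} sent from {from_domain}"))

    # 2. Sender domain that imitates an approved supplier.
    target = lookalike_of(from_domain, KNOWN_VENDORS)
    if target:
        findings.append(("vendor_lookalike", f"{from_domain} resembles {target}"))

    # 3. Reply-To pointing somewhere other than the From domain, so replies reach the attacker.
    reply_domain = domain_of(parseaddr(msg.get("reply_to", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply_to_mismatch", f"replies go to {reply_domain}"))

    # 4. Request to change bank or payment details: route to finance before anyone acts on it.
    if PAYMENT_CHANGE.search(msg["subject"] + "\n" + msg["body"]):
        findings.append(("payment_change_request", "alert finance before any detail is changed"))
    return findings


# Constructed sample messages, not captured traffic.
SAMPLE_MESSAGES = [
    {"from": "AP <ap@acme-supply.com>", "subject": "Invoice 4471",
     "body": "Please find attached invoice 4471 for last month's deliveries."},
    {"from": "Maria Chen <maria.chen.ceo@gmail.com>", "subject": "Quick task",
     "body": "Are you at your desk? I need a wire sent today, will send details."},
    {"from": "Accounts <billing@acme-supp1y.com>", "subject": "Updated bank details",
     "body": "We have updated our bank account. Use the new IBAN below for all future invoices."},
    {"from": "Jens Novak <j.novak@northwind-logistics.com>", "subject": "Payment terms",
     "reply_to": "j.novak.nwl@outlook.com",
     "body": "Our payment terms have changed to net 10. Please use the updated remittance details attached."},
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["from"], "->", analyze(m) or "clean")
```

Note that the second sample trips only the executive check: there is no link, no attachment and no bank-detail language, which is exactly the payload-free case that link rewriting and attachment scanning cannot see.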
Reduce human error
Give users context. Inline banners, clear marking of external senders, and short training loops cut click-through rates without causing alert fatigue.
- Use just-in-time banners instead of yearly training dumps.
- Quarantine low-confidence messages instead of delivering them silently.
- Send a weekly digest of blocked messages so users regain trust in the filter.
“Email security is strongest when controls, visibility, and user experience move together.”
SpamGuard Cloud Team
Tags
Email Security
Spam Prevention
Phishing Defense