DMARC has changed email security. When a domain is at enforcement, attackers can’t send email that impersonates that domain and have it land in inboxes. That’s not a small thing, either. Exact-domain spoofing was one of the most effective phishing techniques available, and DMARC largely shut it down.
The problem is that attackers are persistent (and adaptable).
Now that exact-domain spoofing is ha...
