In order to ensure that legitimate emails aren’t lost, and that old systems can’t be used to spoof email from your domains, you should put processes in place to ensure that your SPF and DKIM configurations are up to date.

1. Ensure that those responsible for adopting or retiring technology are aware the necessary processes. To help with this you can publish internal documentation which explains the need to enable new services and disable retired ones using SPF and DKIM. You should regularly review whether changes should be made to your SPF/DKIM configurations.

2. Use your DMARC report processing tool to identify any new systems which might be in use, but do not have the necessary SPF/DKIM configuration in place. You can then contact relevant teams and add SPF/DKIM configurations if appropriate.

• Choose an anti-spoofing management tool

• Protect email in transit

• Configure anti-spoofing controls

• Send spoof emails to spam

• Spoof emails being rejected

• Continuous improvement