The Forty-Two Thousand Pound Email

It arrived on a Tuesday morning. A senior partner at a mid-sized accountancy firm in the West Midlands opened an email that appeared to be from their largest client — a construction company they had worked with for over a decade. The email explained that the company had changed banks and asked the firm to redirect an outstanding payment of forty-two thousand pounds to new account details. The email used the correct formatting. It referenced the correct invoice number. It was signed with the client's usual sign-off, right down to the mobile number in the signature.

The partner forwarded the email to the accounts team, who updated the payment details and processed the transfer. There was no reason to question it. The email looked exactly like every other email they had ever received from that client.

Two days later, the real client telephoned to chase the unpaid invoice. The accountancy firm checked their records and confirmed the payment had been sent. To the wrong bank account. The money was gone — moved through a series of accounts within hours and withdrawn before anyone realised what had happened.

This is not a hypothetical scenario. It is a real pattern that plays out across the UK thousands of times every year. The National Crime Agency and Action Fraud report that business email compromise — the umbrella term for fraud carried out through email — cost UK businesses an estimated two hundred and forty-five million pounds in 2024 alone. And the true figure is almost certainly higher, because many businesses never report the crime, either through embarrassment or because they do not realise that what happened to them constitutes fraud.

Email fraud is not a technology problem. It is not something that only happens to careless people or unsophisticated businesses. It is a deliberate, targeted form of crime that exploits trust, routine, and the fundamental way that businesses communicate. The attackers are professional, patient, and extremely good at what they do.

But here is the good news: email fraud is also highly preventable. The vast majority of successful attacks follow predictable patterns, use recognisable tactics, and exploit specific weaknesses that can be addressed with practical, affordable measures. You do not need a cybersecurity department. You do not need expensive software. You need to understand the threat, recognise the warning signs, and put a handful of common-sense processes in place.

This guide explains exactly how to do that.

The Five Most Common Types of Email Fraud

Email fraud is not a single type of attack. It takes several distinct forms, each designed to exploit a different aspect of how businesses operate. Understanding these forms is the first step to defending against them, because once you know what to look for, the attacks become much easier to spot.

1. Invoice Fraud

Invoice fraud is the most financially damaging type of email fraud affecting UK businesses. It works like this: an attacker sends an email that appears to come from one of your suppliers, a client, or your own accounts team. The email contains what looks like a routine invoice or payment instruction, but with one critical difference — the bank details have been changed to an account controlled by the criminal.

What makes invoice fraud so effective is that it mimics a completely normal business process. Invoices arrive by email every day. Payment instructions are routine. Changing bank details, while not everyday, is not unusual either — businesses do change banks, and when they do, they notify their contacts by email. The fraudulent email fits seamlessly into the flow of ordinary business communication.

In sophisticated cases, the attacker has been monitoring your email for weeks or months before striking. They have learned your supplier relationships, your payment cycles, your invoicing format, and even the way specific individuals write. When the fraudulent email arrives, it is tailored so precisely to your business that it is virtually indistinguishable from the real thing.

Important

Invoice fraud is responsible for the largest individual losses in email fraud cases. Single incidents routinely run into tens of thousands of pounds, and some UK cases have exceeded one million pounds. The average loss reported to Action Fraud for invoice fraud is significantly higher than for any other type of email scam.

2. CEO and Director Impersonation

In this type of fraud, the attacker pretends to be a senior person in your organisation — the CEO, a director, or a partner. They send an email to someone in the finance team or accounts department, requesting an urgent payment. The email typically emphasises urgency and confidentiality: "I need you to process a wire transfer of £28,000 immediately. I'm in a meeting so cannot discuss on the phone. Please keep this confidential until the deal is finalised."

The psychology behind this attack is powerful. It exploits the natural tendency of employees to comply with requests from senior people, especially when urgency and confidentiality are emphasised. The instruction to "keep this confidential" is particularly clever because it discourages the recipient from checking with colleagues — which is exactly what would expose the fraud.

CEO impersonation attacks often target new employees, because they are less familiar with the communication style of senior staff and more anxious to make a good impression by being responsive and helpful. The attacker may have gathered names and roles from your company website, LinkedIn, or Companies House records — all of which are publicly available.

3. Phishing

Phishing is the broadest category of email fraud. It covers any email designed to trick the recipient into revealing sensitive information — typically login credentials, but sometimes financial details, personal data, or access to internal systems. Phishing emails disguise themselves as legitimate communications from banks, delivery companies, email providers, government agencies, or software services.

A classic phishing email might look like a notification from your bank: "We have detected unusual activity on your account. Please click here to verify your identity." The link leads to a fake website that looks identical to your bank's login page. When you enter your credentials, they are captured by the attacker, who then uses them to access your real account.

For businesses, the most dangerous form of phishing targets email credentials specifically. If an attacker gains access to a staff member's email account, they can read every email in the inbox, learn about your clients and suppliers, monitor financial transactions, and use that account to send fraudulent emails to your contacts — emails that genuinely come from your domain and pass every authenticity check.

Did You Know?

The UK Government's Cyber Security Breaches Survey consistently finds that phishing is the single most common type of cyber attack reported by UK businesses — affecting around 84% of businesses that experienced any form of attack. Phishing is not a niche threat. It is the primary method by which criminals gain access to business email accounts.

4. Supplier Impersonation

Supplier impersonation is closely related to invoice fraud but deserves separate attention because of how it works. Rather than intercepting a specific invoice, the attacker impersonates one of your regular suppliers and sends what appears to be a routine communication about updated payment details. The email might say: "We have recently changed our banking arrangements. Please update your records with our new account details for all future payments."

What makes supplier impersonation particularly dangerous is the ongoing nature of the fraud. With invoice fraud, the attacker typically targets a single payment. With supplier impersonation, if you update your records with the fraudulent bank details, every subsequent payment to that supplier goes to the criminal's account — potentially for weeks or months before anyone notices.

The attacker often gains the information they need by compromising your supplier's email system rather than yours. They read the supplier's emails, learn about the business relationship, and then contact you from a slightly different email address — or in some cases, directly from the supplier's own compromised email account.

5. Payroll Redirection

Payroll redirection targets your HR or payroll function rather than your finance team. The attacker sends an email pretending to be an employee, asking to change their bank details for salary payments. The email typically provides a plausible reason: "I have switched banks and would like to update my salary payment details. Please use the following account from next month."

If the change is processed without verification, the next salary payment goes to the attacker's account instead of the employee's. The fraud is usually discovered when the real employee contacts payroll to ask why they have not been paid — by which point the money has been withdrawn.

Payroll redirection is less financially dramatic than invoice fraud in most cases, but it can happen repeatedly if processes are weak, and the reputational damage with your own staff can be significant.

How to Spot a Fraudulent Email

Fraudulent emails are becoming increasingly sophisticated, but they still leave traces. These are the practical red flags that should trigger suspicion — not technical indicators that require specialist tools, but common-sense signals that anyone in your business can learn to recognise.

Unexpected Urgency

Urgency is the primary weapon in the email fraudster's arsenal. Legitimate business requests occasionally require quick action, but they rarely demand immediate, same-day action with no opportunity to verify. Phrases to watch for include: "This must be processed today," "Time-sensitive — do not delay," "The deadline is this afternoon," and "Please action immediately." When an email pressures you to act before you can think, that pressure itself is the warning sign.

Genuine urgency can usually withstand a five-minute verification call. Fraudulent urgency cannot — because the moment you pick up the phone and call the real person, the deception collapses.

Changed Bank Details

Any email that contains new or changed bank details should be treated as suspicious by default, regardless of who it appears to come from. This includes payment instructions with account details that differ from those on file, notifications that a supplier or client has "changed banks," requests to redirect salary payments, and invoices with bank details that do not match the supplier's previous invoices.

Changed bank details in an otherwise normal conversation are the single most reliable indicator of invoice fraud. Legitimate bank changes do happen, but they should always be verified through a separate channel before any payment is processed.

Slightly Different Email Addresses

Attackers frequently register domain names that are almost identical to those of the businesses they are impersonating. The differences can be extraordinarily subtle: a lowercase L replaced with the number 1, an extra letter inserted, a hyphen added or removed, or a different domain extension (.com instead of .co.uk). At a glance — especially on a mobile phone where email addresses are often truncated — these differences are easy to miss.

Examples: accounts@yourcompany.com versus accounts@yourcompnay.com (transposed letters). invoice@supplier.co.uk versus invoice@suppIier.co.uk (capital I instead of lowercase L). These differences are invisible at reading speed, which is exactly the point.
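As an added example (not from this guide or epost.plus), the following Python check compares a sender's domain against a list of domains you already deal with and flags the transposition, capital-I-for-l, hyphen and wrong-extension variants described above before anyone acts on the email; the trusted list, the suffix table and the homoglyph table are assumptions chosen for the illustration.

```python
"""Flag sender domains that merely resemble a trusted contact's domain.

Added illustration for this guide, not epost.plus code. The trusted list,
suffix table and homoglyph table are assumptions for the example; a real
deployment would use a public-suffix library and your own contact list.
"""
from __future__ import annotations

# Assumed: domains this business already pays or is paid by.
TRUSTED_DOMAINS = {"yourcompany.com", "supplier.co.uk", "bigclient-construction.co.uk"}

# Crude public-suffix table (assumption) so 'supplier.com' and 'supplier.co.uk'
# reduce to the same organisation label.
PUBLIC_SUFFIXES = (".co.uk", ".org.uk", ".gov.uk", ".uk", ".com", ".net", ".org")

# Single characters that read as another character at a glance. A capital I
# lower-cases to 'i', which is then folded into 'l' along with the digit 1.
HOMOGLYPHS = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})
# Character pairs that resemble one character.
DIGRAPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def skeleton(text: str) -> str:
    """Collapse confusable characters so 'suppIier' and 'supplier' compare equal."""
    folded = text.lower().translate(HOMOGLYPHS)
    for pair, single in DIGRAPHS:
        folded = folded.replace(pair, single)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute); catches transposed or extra letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address, the part mobile clients often hide."""
    return address.rpartition("@")[2].strip().lower()


def organisation_label(domain: str) -> str:
    """'supplier.co.uk' -> 'supplier', using the assumed suffix table."""
    for suffix in sorted(PUBLIC_SUFFIXES, key=len, reverse=True):
        if domain.endswith(suffix):
            return domain[: -len(suffix)]
    return domain


def classify(address: str, trusted: set[str] = TRUSTED_DOMAINS) -> tuple[str, str | None]:
    """Return ('trusted' | 'lookalike' | 'unknown', trusted domain matched or imitated)."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted", domain
    for known in sorted(trusted):
        if (
            skeleton(domain) == skeleton(known)  # homoglyph swap
            or levenshtein(domain, known) <= 2  # typo, hyphen, transposition
            or organisation_label(domain) == organisation_label(known)  # other extension
        ):
            return "lookalike", known
    return "unknown", None


def senders_needing_verification(addresses: list[str]) -> list[tuple[str, str]]:
    """(address, domain it imitates) for every sender that should be phoned, not paid."""
    flagged = []
    for address in addresses:
        verdict, known = classify(address)
        if verdict == "lookalike":
            flagged.append((address, known))
    return flagged


# Constructed sample senders, modelled on the examples in the guide above.
SAMPLE_SENDERS = [
    "accounts@yourcompany.com",   # genuine
    "accounts@yourcompnay.com",   # transposed letters
    "invoice@suppIier.co.uk",     # capital I in place of lowercase l
    "invoice@supplier.com",       # .com instead of .co.uk
    "billing@supp-lier.co.uk",    # hyphen inserted
    "noreply@hmrc.gov.uk",        # unrelated domain: unknown, not lookalike
]

if __name__ == "__main__":
    for address in SAMPLE_SENDERS:
        print(f"{address:30} {classify(address)}")
```

A "lookalike" verdict is a prompt to phone the real contact on a number already on file, not a verdict on the email's intent.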

The Mobile Phone Problem

Email fraud is significantly more effective on mobile devices because smaller screens display less information. Sender addresses are often shortened or hidden entirely, links cannot be previewed by hovering, and the interface encourages quick tapping rather than careful inspection. If you receive a financial request by email, always verify it on a desktop screen where you can see the full sender address — or better still, verify by phone.

Requests to Bypass Normal Processes

Any email that asks you to skip your usual approval process, handle something outside normal channels, or make an exception "just this once" should raise immediate suspicion. Legitimate senders know your processes and work within them. Attackers do not — and they know that your processes are the most likely thing to expose their fraud, so they try to get you to bypass them.

"Keep This Confidential"

Instructions to keep a transaction confidential, not to discuss it with colleagues, or not to call the sender about it are strong indicators of fraud. The attacker does not want you to verify the request, because verification is how the fraud is discovered. A genuine CEO asking for a legitimate payment has no reason to insist on secrecy. A genuine supplier has no reason to ask you not to phone them.

Unusual Tone or Language

If an email from a familiar contact sounds slightly off — more formal than usual, less formal than usual, using different phrasing, different punctuation, or different greetings — trust your instinct. You know how the people you work with write. An email that does not quite sound like them may not be from them.

What Your Email Provider Should Do to Protect You

While your own vigilance and processes are essential, your email provider has a critical role to play in preventing fraud before it reaches your inbox. These are the protections that a responsible email provider should have in place — described in terms of what they achieve, not the technical mechanisms behind them.

Block Impersonation Emails

Your email provider should prevent other people from sending fake emails that appear to come from your domain. Without this protection, anyone in the world can send an email that looks as if it came from your business — to your clients, your suppliers, your staff, or anyone else. The recipients have no way to tell the difference.

This protection is achieved through something called domain protection — a set of published rules that tell receiving email systems how to verify whether an email genuinely came from your domain. Think of it as a guest list for your domain. You publish a list of email servers that are authorised to send on your behalf. When an email arrives claiming to be from your domain, the receiving system checks the guest list. If the sending server is not on it, the email is blocked or flagged as suspicious.

Domain protection involves three mechanisms that work together. In non-technical terms: the first is the guest list itself (technically called SPF — think of it as "only these servers may send post using our address"). The second is a digital signature attached to every email you send (technically called DKIM — like a wax seal on a letter, proving it has not been tampered with since it left your hands). The third is a policy that tells receiving systems what to do when an email fails these checks (technically called DMARC — like a bouncer at the door who checks the guest list and the seal, and turns away anyone who does not pass).

epost.plus Advantage

epost.plus configures full domain protection on every business email account by default. Your domain is protected with the strictest possible settings — the bouncer does not merely flag suspicious emails or send them to spam, it rejects them outright. You do not need to configure anything yourself. It is part of the standard service.

Verify Sender Identity

When your business receives an email, your provider should verify that the email genuinely came from the server it claims to have come from. This is the other side of domain protection — not just protecting your own domain, but checking the credentials of every email that arrives in your inbox. Emails that fail these checks should be filtered, flagged, or blocked before they reach your team.

Encrypt Delivery

Email travels across the internet between servers before reaching its destination. If that journey is not encrypted — scrambled into unreadable form during transit — it can potentially be intercepted and altered along the way. An attacker who can intercept an email in transit can modify its content: changing bank details in an invoice, altering instructions, or inserting malicious links. Encrypted delivery prevents this by ensuring that emails cannot be read or modified while they are in transit.

Your email provider should enforce encryption on all email delivery — not just offer it as an option. This means that emails sent to and from your domain travel through encrypted channels automatically, without anyone needing to configure anything.

Filter Phishing and Malicious Content

Before any email reaches your team's inboxes, your provider should scan it for signs of phishing: fake login pages, malicious links, dangerous attachments, and known fraud patterns. Effective filtering catches the vast majority of phishing attempts before they have a chance to deceive anyone. No filter is perfect — some sophisticated phishing emails will always get through — but good filtering dramatically reduces the volume of threats your team faces.

Monitor for Domain Abuse

Your provider should give you visibility into how your domain is being used for email. This means providing reports that show who is sending email using your domain — including any unauthorised attempts. If someone tries to send fake emails from your domain and those emails are blocked by your domain protection, you should know about it. These reports help you understand the threat landscape specific to your business and confirm that your protections are working.

What You Should Do as a Business Owner

Technology protects your systems, but processes protect your people — and it is people who ultimately decide whether to process a fraudulent payment or discard a suspicious email. These are the practical steps you should take within your business, regardless of which email provider you use.

Verify Payment Changes by Phone — Every Single Time

This is the single most important rule in this entire guide. Never change bank details based on an email alone. It does not matter how genuine the email looks, how familiar the sender is, or how routine the request appears. If an email asks you to send money to a different account, update a supplier's bank details, or process a payment that differs from your records in any way, pick up the phone and call the sender to confirm.

Use a phone number you already have on file — not a number provided in the suspicious email. The email may contain a phone number that connects to the attacker rather than the genuine sender. Call the number in your contacts, on the supplier's website, or on their original paperwork.

This one habit — a thirty-second phone call — prevents the vast majority of invoice fraud and payment redirection attacks. It costs nothing, takes almost no time, and works even against the most sophisticated fraudulent emails. If a request is genuine, the sender will confirm it in seconds. If it is fraudulent, the phone call exposes it immediately.

Important

The accountancy firm in the opening story could have prevented the entire forty-two thousand pound loss with a single phone call lasting less than a minute. The fraudulent email was sophisticated enough to fool experienced professionals — but it could not have survived a phone call to the real client.

Establish Approval Processes

No single person in your business should be able to authorise a payment above a defined threshold without secondary approval. This is not about distrusting your staff — it is about creating a system where fraud cannot succeed through a single point of failure.

A practical approach for small businesses: any payment above a threshold you set (for example, one thousand pounds, or five thousand — choose a level that makes sense for your business) requires sign-off from a second named person. Any change to stored bank details requires verification by phone and approval from a second person. Any new supplier must have their bank details verified through an official channel before the first payment is made.

These processes do not need to be bureaucratic or slow. They can be as simple as a second pair of eyes checking the details before a payment is released. The key is that they exist, they are followed consistently, and they apply to everyone — including senior staff.

Train Your Team

Fraud awareness training does not need to be expensive, time-consuming, or formal. A fifteen-minute briefing at a team meeting covers the essentials. Explain the five types of fraud described in this guide. Show examples of the red flags. Make it clear that no one will be criticised for questioning a suspicious email — in fact, questioning is exactly what you want them to do.

The most important message to convey is this: it is always acceptable to verify. No legitimate client, supplier, or colleague will be offended by a phone call to confirm a payment request. Anyone who objects to verification is either not who they claim to be, or they need to understand why your business takes fraud prevention seriously.

Repeat this briefing once a year. Fraud tactics evolve, new staff join, and people forget. An annual fifteen-minute refresher keeps awareness current without consuming significant time.

Use Two-Factor Authentication

Two-factor authentication — often called 2FA — adds a second step to your email login. After entering your password, you also need to enter a short code from an app on your phone. The code changes every thirty seconds. Even if an attacker steals your password through a phishing attack, they cannot access your account without also having your phone.

Think of it like a front door with two locks. A thief needs both keys to get in. Stealing one is useless without the other. Two-factor authentication makes it dramatically harder for an attacker to break into your email account — and if they cannot access your account, they cannot monitor your communications, learn about your financial transactions, or send fraudulent emails from your address.

Enable 2FA on every email account in your business. If your email provider allows you to enforce it for all users (rather than leaving it as an optional setting), do so. This ensures that every account is protected, not just those belonging to the most security-conscious team members.

Check Your Domain Protection

Ask your email provider a simple question: "What level of domain protection do you have configured for our domain?" If they cannot give you a clear, confident answer, that is a problem. If the answer is "none" or "basic," that is a bigger problem.

Strong domain protection — the guest list, digital signature, and bouncer described earlier in this guide — should be in place on your domain at its strictest setting. This means fake emails claiming to come from your domain are blocked completely by receiving systems, not just flagged or sent to spam. It means your clients and suppliers can trust that an email appearing to come from your business genuinely came from your business.

If your current provider does not offer strong domain protection, or charges extra for it, or requires you to configure it yourself, consider whether they are the right provider for a business that takes fraud prevention seriously.
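The question to your provider can also be answered from the public records themselves. The following added example (not this guide's or epost.plus's code) grades constructed DMARC, SPF and MTA-STS policy text against the settings this guide calls strict: a reject policy with strict alignment for the bouncer, a hard-fail guest list, and enforced encryption in transit; a live check would first fetch the two TXT records from DNS and the MTA-STS policy file from its well-known URL.

```python
"""Grade a domain's published email-protection records.

Added illustration for this guide, not epost.plus code. Records below are
constructed samples; a live check would read the DMARC and SPF TXT records
from DNS and fetch https://mta-sts.<domain>/.well-known/mta-sts.txt.
"""
from __future__ import annotations

# Mechanisms that cost a DNS lookup; SPF permits at most ten per evaluation.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_tags(record: str) -> dict[str, str]:
    """Split a 'tag=value; tag=value' DMARC record into lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def grade_dmarc(record: str) -> tuple[str, list[str]]:
    """The 'bouncer': 'strong' only for p=reject, pct=100 and strict alignment."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "none", ["no DMARC record: receivers are told nothing about failed checks"]
    findings = []
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    strict = all(tags.get(t, "r").lower() == "s" for t in ("adkim", "aspf"))
    if policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam instead of blocking it")
    if pct < 100:
        findings.append(f"pct={pct}: the policy applies to only {pct}% of failing mail")
    if not strict:
        findings.append("relaxed alignment: any subdomain of the organisation passes alignment")
    if "rua" not in tags:
        findings.append("no rua= address: you receive no reports of blocked impersonation attempts")
    if policy == "reject" and pct == 100 and strict:
        return "strong", findings
    return ("partial" if policy in ("reject", "quarantine") else "weak"), findings

def grade_spf(record: str) -> tuple[str, list[str]]:
    """The 'guest list': 'strong' when it ends in -all and stays within the lookup limit."""
    terms = [t.lower() for t in record.split()]
    if not terms or terms[0] != "v=spf1":
        return "none", ["no SPF record: any server may send as this domain"]
    findings = []
    if "+all" in terms or "all" in terms:
        return "weak", ["'+all' authorises every server on the internet"]
    if "-all" not in terms:
        findings.append("missing -all: unlisted servers only soft-fail (~all) or are ignored (?all)")
    names = [t.lstrip("+-~?").split(":")[0].split("=")[0] for t in terms[1:]]
    lookups = sum(1 for n in names if n in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} lookup mechanisms: SPF stops after 10 and fails permanently")
    return ("strong" if not findings else "weak"), findings

def grade_mta_sts(policy_text: str) -> tuple[str, list[str]]:
    """Encrypted delivery: 'strong' only when mode is enforce with at least one mx."""
    fields: dict[str, list[str]] = {}
    for line in policy_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    if fields.get("version") != ["STSv1"]:
        return "none", ["no MTA-STS policy: senders may fall back to unencrypted delivery"]
    findings = []
    mode = fields.get("mode", ["none"])[0].lower()
    if mode == "testing":
        findings.append("mode=testing only reports TLS failures; mail still flows without TLS")
    elif mode != "enforce":
        findings.append(f"mode={mode}: the policy is switched off")
    if not fields.get("mx"):
        findings.append("no mx: lines, so receiving servers cannot be matched to the policy")
    if mode == "enforce" and not findings:
        return "strong", findings
    return ("partial" if mode == "testing" else "weak"), findings

def assess_domain(dmarc: str, spf: str, mta_sts: str) -> dict[str, str]:
    """Level per mechanism; anything other than 'strong' is a question for your provider."""
    return {"DMARC": grade_dmarc(dmarc)[0], "SPF": grade_spf(spf)[0],
            "MTA-STS": grade_mta_sts(mta_sts)[0]}

# Constructed sample records: a strict configuration and a monitoring-only one.
STRICT = {"dmarc": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com",
          "spf": "v=spf1 mx ip4:203.0.113.10 -all",
          "mta_sts": "version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 604800\n"}
LAX = {"dmarc": "v=DMARC1; p=none; pct=50",
       "spf": "v=spf1 include:_spf.example.net ~all",
       "mta_sts": "version: STSv1\nmode: testing\nmx: mail.example.com\nmax_age: 86400\n"}

if __name__ == "__main__":
    for name, records in (("strict", STRICT), ("lax", LAX)):
        print(name, assess_domain(**records))
```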

UK Resources and Reporting

The UK has a well-established framework for reporting email fraud and accessing guidance. Knowing where to turn is an important part of being prepared.

Action Fraud

Action Fraud (actionfraud.police.uk) is the UK's national reporting centre for fraud and cyber crime, run by the City of London Police. If your business has been the victim of email fraud, report it to Action Fraud online or by calling 0300 123 2040. Reporting serves two purposes: it creates an official record that may help with insurance claims and bank recovery processes, and it contributes to intelligence that helps law enforcement identify and disrupt criminal networks.

National Cyber Security Centre (NCSC)

The NCSC (ncsc.gov.uk) is the UK Government's authority on cyber security. They publish practical guidance specifically designed for small and medium-sized businesses, including detailed advice on defending against business email compromise. Their guidance is free, authoritative, and written in accessible language. It is worth bookmarking and reviewing periodically.

The NCSC also operates a suspicious email reporting service: forward any suspicious email to report@phishing.gov.uk. The NCSC analyses reported emails and takes action to shut down fraudulent websites and email infrastructure.

Cyber Essentials

Cyber Essentials is a UK Government-backed certification scheme that helps businesses protect against the most common cyber threats. Achieving Cyber Essentials certification demonstrates to your clients, suppliers, and partners that your business takes security seriously. It covers five key areas including access control and secure configuration — both directly relevant to email fraud prevention.

Certification is mandatory for UK Government contracts involving sensitive data, but it is increasingly expected by private-sector clients as well. The self-assessment level starts at around three hundred pounds — a modest investment that signals credibility and commitment.

UK Statistics

According to UK Finance and the NCSC, UK businesses lost over two hundred and forty-five million pounds to business email compromise in 2024. The average loss per incident was significantly higher for invoice fraud than for other types of email scam. Small and medium-sized businesses accounted for a disproportionate share of victims — not because they are careless, but because they are less likely to have the processes and protections that larger organisations take for granted.

How epost.plus Protects Your Business from Email Fraud

Everything in this guide — the technology, the processes, the awareness — works best when your email provider is actively working to protect you rather than leaving you to manage security on your own. epost.plus is built on the Axigen mail server platform and designed with fraud prevention as a core principle, not an afterthought.

Domain Protection Configured by Default

Every epost.plus business email account comes with the full domain protection stack configured from day one. Your domain is protected with the strictest settings available: the guest list (SPF) is configured to authorise only your email server, the digital signature (DKIM) is applied to every email you send, and the bouncer (DMARC) is set to its strongest level — reject — meaning fake emails are blocked completely, not just flagged.

This is not something you need to request, configure, or pay extra for. It is part of the standard service. Many email providers either do not configure domain protection at all, configure it at the weakest level, or charge additional fees for stronger settings. With epost.plus, you get the highest level of protection automatically.

Two-Factor Authentication on All Accounts

Two-factor authentication is available on every epost.plus business email account and can be enforced across your entire organisation. This means that even if an attacker obtains a team member's password through phishing, they still cannot access the account. Your email accounts are protected by default, and you have the administrative tools to ensure every member of your team is covered.

Encrypted Delivery at Every Level

epost.plus enforces encryption on all email delivery. Emails in transit are protected by TLS encryption as standard. Beyond that, epost.plus implements MTA-STS — which tells other email servers that they must use encryption when sending to your domain — and DANE — which pins the encryption to verified certificates, preventing attackers from intercepting emails by impersonating your email server. This multi-layered encryption means that emails cannot be read or modified in transit, closing off the man-in-the-middle attacks that enable some forms of invoice fraud.

Advanced Spam and Phishing Filtering

Before any email reaches your inbox, epost.plus scans it for signs of phishing, malicious links, dangerous attachments, and known fraud patterns. The filtering catches the vast majority of phishing attempts and fraudulent emails before your team ever sees them. No filter is perfect, which is why the processes described earlier in this guide remain important — but effective filtering dramatically reduces the volume of threats your team needs to deal with.

UK and EU Data Centres

Your email data is stored in data centres located in the UK and EU, fully compliant with UK GDPR. This means your business communications are governed by UK and EU data protection law — not by the laws of a foreign jurisdiction. For businesses concerned about the security and sovereignty of their data, this provides a clear, simple compliance story.

UK-Based Support for Incident Response

If something does go wrong — if you suspect a breach, if you receive a sophisticated phishing attempt, or if you need urgent help with your email security — epost.plus support is available to help. You are not navigating an automated chatbot or waiting in a queue for a support agent in a different time zone. You are speaking to a team that understands UK businesses and UK threats.

You can view business email plans and order through smartxhosting.uk, or explore public administration email for organisations with specific compliance requirements. If you need a dedicated email infrastructure, business email server plans are also available for larger organisations.

epost.plus Advantage

epost.plus runs DMARC at p=reject with strict alignment, DNSSEC validation, MTA-STS in enforce mode, and DANE certificate pinning. This is the complete email authentication stack — the same level of protection used by major banks and government agencies. Your business domain gets enterprise-grade fraud prevention as standard, on every plan.

Frequently Asked Questions

How common is email fraud in the UK?

Email fraud is the most common type of cyber attack affecting UK businesses. According to the UK Government's Cyber Security Breaches Survey, around a third of all UK businesses identified a cyber attack in the previous twelve months, with phishing and fraudulent emails being the most frequently reported type. The National Crime Agency estimates that UK businesses lost over two hundred and forty-five million pounds to business email compromise in 2024 alone. The true figure is likely much higher because many incidents go unreported due to embarrassment or lack of awareness that a crime has occurred. Email fraud is not a rare or exotic threat — it is an everyday reality for businesses of every size and sector across the UK.

Am I too small to be a target for email fraud?

No. Small businesses are disproportionately targeted precisely because attackers know they typically have fewer security measures in place. A sole trader who processes invoices by email is just as attractive a target as a large corporation — sometimes more so, because the attacker faces less resistance. Automated tools allow criminals to target thousands of businesses simultaneously at almost no cost. They do not need to know anything about your business specifically. They send fraudulent emails in bulk and wait for someone, somewhere, to respond. The Federation of Small Businesses reports that small firms collectively face almost ten thousand cyber attacks per day in the UK. Size offers no protection — if anything, it increases your vulnerability.

Does insurance cover losses from email fraud?

Standard business insurance policies typically do not cover losses from email fraud. Most general liability and professional indemnity policies exclude cyber-related losses unless you have a specific cyber insurance policy in place. Even dedicated cyber insurance policies vary significantly in what they cover. Some cover direct financial losses from fraudulent transfers, while others cover only the cost of investigation and remediation. Many policies have exclusions for losses caused by employee error, which is exactly how most email fraud succeeds. If you do not currently have cyber insurance, it is worth investigating — but read the policy carefully, ask about business email compromise specifically, and do not assume that insurance replaces the need for prevention. Prevention is almost always cheaper than a claim, and far less disruptive to your business.

What should I do if I have already been defrauded by email?

Act immediately. Contact your bank first — if the payment was made recently, there may be a window to freeze or reverse it. Banks have procedures for handling fraudulent transfers, but speed is critical. Next, report the incident to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. This is the UK's national reporting centre for fraud and cyber crime. Change the passwords on all affected email accounts immediately and enable two-factor authentication if it is not already active. Preserve all evidence — do not delete the fraudulent emails, and take screenshots of any relevant correspondence. Notify your insurance provider if you have cyber insurance. Finally, inform your team so they are alert to any further attempts, and review your processes to understand how the fraud succeeded and what can be done to prevent a repeat.

How can I verify whether an email is genuine?

The single most reliable method is to verify through a separate channel. If you receive an email asking you to change payment details, transfer money, or take any action involving finances, pick up the phone and call the sender using a number you already have on file — not a number included in the suspicious email. If the email claims to be from your bank, call the number on the back of your bank card. If it claims to be from a supplier, call the number in your contacts or on their official website. Never rely solely on the content of the email itself to confirm its authenticity, because a well-crafted fraudulent email can be virtually indistinguishable from a genuine one. The phone call takes thirty seconds and can save you thousands of pounds.

What is domain protection and how does it stop email fraud?

Domain protection is a set of security measures that prevent other people from sending fake emails using your business domain name. Without domain protection, anyone in the world can send an email that appears to come from your domain — your clients, your suppliers, and your own staff would have no way to tell the difference. Domain protection works by publishing rules that tell receiving email systems which servers are authorised to send email on your behalf (like a guest list), adding a digital signature that proves the email has not been tampered with (like a wax seal), and setting a policy that tells receiving systems to block any email that fails these checks (like a bouncer). When properly configured, domain protection makes it extremely difficult for an attacker to impersonate your business by email. It does not prevent all types of email fraud, but it closes off one of the most dangerous attack routes: someone pretending to be you.
