State of Play - January 21


With a mission to keep you safe, Loan Market has invested heavily in new email security in the form of DMARC (Domain-based Message Authentication, Reporting and Conformance).

DMARC helps prevent spoofing of our domains and email addresses by malicious fraudulent actors. The broking industry is a prime target for hackers to take advantage of due to the high-stakes and rapid transactions for all parties involved. By spoofing our domain a client can quite easily fall into the trap of believing they are talking to you, their broker, when they're actually speaking with a fraudulent actor.

But fear not! We're implementing DMARC, allowing a sender (you) to indicate that our messages are protected, and tells a receiver (your customers) what to do with the message if the message fails to pass an authentication method. This is all handled automatically by the backend email providers (e.g. Google, Microsoft, etc). DMARC helps prevent the sending of fraudulent email using our organisations domain (e.g. loanmarket.com.au).

Why are we doing this?

DMARC is a global initiative to secure email for everyone. It is common email security practice and is mandated across government in the UK and US alike. By implementing DMARC, we are not only securing our critical business email, but also helping to protect our brand reputation and increase email deliverability to our customers.

What does this mean for you? 

Once we set our DMARC policy to reject, only authorised mail (mail we specifically know we are sending and is properly configured) will meet our security requirements and will be delivered to end users.

What about the mail that I send from Gmail and other vendors/providers?

Don’t worry, most of the big providers have already been configured to meet our security requirements for DMARC. Some of the providers already configured are: Gmail, Mandrill, ActivePipe, True Logic, SendGrid, CustomerIO, Amazon SES, ProofPoint. Mailchimp has been configured for the accounts that we are aware of. If you have a Mailchimp account and have not been in contact with the Loan Market Security team, please contact us below and we can assist in the correct configuration of this account for you.

What if I am unsure?

If you have any questions regarding email delivery please contact security@loanmarket.com.au and one of our Security Team experts will be happy to assist and answer your questions.

What are the net steps for Loan Market? 

The next steps will be changing the DMARC policy to reject. This means we will be changing our policy to reject and thus prevent any unauthorised mail being delivered on behalf of Loan Market. This will apply to loanmarket.com, loanmarket.com.au and loanmarket.co.nz

If you are curious about how DMARC works, here is a video which explains what DMARC is and how it works: https://youtu.be/Ct0pEIguGsY