Email Authentication Check for NSW Estate Lawyers: Verify SPF, DMARC and DKIM Before a BEC Becomes a Notifiable Breach
You hold wills, enduring powers of attorney, beneficiary details, and trust correspondence — exactly the personal information attackers want, and exactly the material that turns a single spoofed email into a Notifiable Data Breach. Most NSW estate practices have never had an outside set of eyes confirm that the email domain they sign letters from actually rejects spoofed mail. The Email Security Check is a fixed-scope diagnostic that tells you, in writing, whether your domain is configured to make impersonation harder.
Why it matters now
Estate planning files concentrate sensitive personal information — health details, family relationships, asset positions — which sits squarely inside the definition of “personal information” regulated by the Privacy Act 1988 (Cth). Law firms with annual turnover above the threshold are APP entities and must handle that information in accordance with the 13 Australian Privacy Principles, as the Office of the Australian Information Commissioner sets out in its overview of the Privacy Act. Business email compromise is a recognised pathway to unauthorised disclosure: when an attacker spoofs a partner’s address to redirect estate distribution funds or extract beneficiary identity documents, the resulting exposure can meet the Notifiable Data Breaches threshold. The Australian Cyber Security Centre publishes specific guidance on BEC at https://www.cyber.gov.au/ and recommends SPF, DKIM, and DMARC as foundational controls for any organisation sending email under its own domain.
The 5-minute view
- The Privacy Act 1988 (Cth) applies to organisations with annual turnover above $3 million, and to some other organisations regardless of turnover (OAIC).
- The 13 Australian Privacy Principles govern collection, use, disclosure and security of personal information held by APP entities (OAIC).
- The Notifiable Data Breaches scheme requires APP entities to notify the OAIC and affected individuals when an eligible data breach occurs.
- SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance) are the three DNS-published controls that allow receiving mail servers to detect and reject spoofed mail purporting to come from your domain.
- A DMARC policy of p=none collects reports but does not instruct receivers to reject — it provides visibility only, not enforcement.
- Estate practices typically correspond with executors, beneficiaries, accountants, and financial institutions over email, making domain spoofing a high-leverage vector for fraudulent fund redirection and personal information extraction.
- An external check verifies what is actually published in your public DNS records — the same view an attacker uses when planning a spoofing campaign.
What DRMO does about it
The Email Security Check is a productised L1 diagnostic. You provide your firm’s primary email domain (and any aliases you send from). DRMO runs the same authentication queries an external receiver would run: the published SPF record and its include chain, DKIM selector discovery and key validity, DMARC policy and reporting addresses, and the alignment between these records. The result is a fixed-scope PDF report identifying gaps, misconfigurations, and the specific remediation steps your IT provider can implement. This is the entry-level service in the DRMO catalogue and is designed to give estate practices a defensible written baseline before commissioning any larger engagement.
The check does not modify your DNS, does not require access to your mailbox, and does not constitute legal advice on Privacy Act obligations.
The deliverable
- PDF report scoped to one primary domain (additional domains scoped on request)
- SPF record analysis: syntax, include chain, lookup count, and ~all/-all posture
- DKIM analysis: detected selectors, key length, and validity
- DMARC analysis: policy (none/quarantine/reject), alignment mode, and reporting addresses
- Red / Amber / Green status per control with a plain-English explanation
- Prioritised remediation checklist that your IT provider can action
- Delivered via email within 1 business day of payment
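To make the SPF and DMARC parts of the deliverable above concrete, and to show what "p=none provides visibility only" and "~all/-all posture" mean in practice, here is an added example. It is not DRMO's tooling and not part of the original page; it parses SPF and DMARC TXT records of the kind an external check reads from public DNS and assigns each a Red / Amber / Green status. The records, the domain example-estate-law.invalid and the rating thresholds are constructed assumptions; the DKIM selector and key-length checks listed in the deliverable are not covered here.

```python
# Added example (not DRMO's own tooling). Parses SPF and DMARC TXT records and
# rates each Red / Amber / Green. All records below are constructed for a
# hypothetical domain, example-estate-law.invalid; no live DNS is queried.

SPF_LOOKUP_LIMIT = 10  # RFC 7208: more than 10 DNS-querying terms is a permanent error

# Constructed sample records, in the form a resolver would return them.
SAMPLE_SPF = "v=spf1 include:spf.protection.outlook.com include:_spf.google.com ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example-estate-law.invalid"


def parse_spf(txt: str):
    """Return (qualifier of the 'all' term or None, count of DNS-querying terms).

    Only the top-level record is counted here; a full check follows each
    include:/redirect= target and adds its lookups to the same total.
    """
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        qualifier = "+"  # SPF's default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # 'include:x', 'a/24', 'mx', 'redirect=x' -> 'include', 'a', 'mx', 'redirect'
        name = term.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name in ("include", "a", "mx", "ptr", "exists", "redirect"):
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    return all_qualifier, lookups


def rate_spf(txt: str):
    """Red / Amber / Green verdict for an SPF record, with a plain-English reason."""
    all_qualifier, lookups = parse_spf(txt)
    if lookups > SPF_LOOKUP_LIMIT:
        return "RED", (f"{lookups} DNS-querying terms exceeds the limit of "
                       f"{SPF_LOOKUP_LIMIT}; receivers treat the record as a permanent error")
    if all_qualifier == "-":
        return "GREEN", "-all: mail from unlisted servers fails SPF"
    if all_qualifier == "~":
        return "AMBER", "~all: mail from unlisted servers only soft-fails; DMARC must do the rejecting"
    return "RED", "no -all or ~all: the record does not restrict who may send as this domain"


def parse_dmarc(txt: str):
    """Split 'v=DMARC1; p=none; rua=...' into a dictionary keyed by lowercase tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def rate_dmarc(txt: str):
    """Red / Amber / Green verdict for a DMARC record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p")
    if policy is None:
        return "RED", "missing p= tag: receivers apply no policy to this record"
    policy = policy.lower()
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy is applied to
    if policy == "reject" and pct == 100:
        return "GREEN", "p=reject: receivers discard mail that fails alignment"
    if policy in ("reject", "quarantine"):
        return "AMBER", f"p={policy}, pct={pct}: partial or quarantine-only enforcement"
    if "rua" in tags:
        return "RED", "p=none: aggregate reports are collected but nothing is rejected"
    return "RED", "p=none with no rua= address: neither enforcement nor visibility"


def email_check(spf_txt: str, dmarc_txt: str):
    """Per-control (status, reason) pairs for one domain, as a report row would show."""
    return {"SPF": rate_spf(spf_txt), "DMARC": rate_dmarc(dmarc_txt)}


if __name__ == "__main__":
    for control, (status, reason) in email_check(SAMPLE_SPF, SAMPLE_DMARC).items():
        print(f"{control:5} {status:5} {reason}")
```

Running it on the constructed records gives SPF AMBER (~all soft-fail) and DMARC RED (p=none, reports only): the combination in which spoofed mail is logged but still delivered, which is exactly the gap the deliverable's Red / Amber / Green table is meant to surface. In a real check the TXT values would come from DNS queries for the domain and for _dmarc.<domain>, and the SPF lookup count would be accumulated across the whole include chain.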
CTA
Run the Email Security Check — AUD $99
A single-domain productised offer. No discovery call required. Suitable for any NSW estate practice that has not had its public email authentication records externally reviewed in the past 12 months.
For a deeper review covering active settlement files or matter correspondence, the Pre-Settlement BEC Audit and the DRMO Retainer are available as separate offers.
Sources
- Office of the Australian Information Commissioner — The Privacy Act: https://www.oaic.gov.au/privacy/the-privacy-act
- Australian Cyber Security Centre — general BEC and email authentication guidance (domain root): https://www.cyber.gov.au/
- Federal Register of Legislation — Privacy Act 1988 (Cth) (domain root): https://www.legislation.gov.au/
DRMO capability references:
- Email Security Check (L1 service shape, productised; SPF/DMARC/DKIM scope)
- Pre-Settlement BEC Audit (L2 service shape, referenced as adjacent offer)