PhishFence for DORA
DORA, the Digital Operational Resilience Act (EU) 2022/2554, requires financial entities to manage ICT risk and to use secure means of transferring data. PhishFence supports those duties for the email channel with continuous email-authentication monitoring, lookalike-domain detection, and producible audit evidence.
Straight talk on the law
An honest note: DORA does not name SPF, DKIM, or DMARC in its legal text. It is an ICT operational-resilience regulation that requires sound ICT risk management and secure means of transferring data. Email authentication supports those controls for the email channel and is the cheapest, most visible way to evidence them, which is why a supervisor will expect to see it. PhishFence supports DORA; it does not certify compliance with it.
Article 9. ICT risk-management tools and secure data transfer
Article 9 requires financial entities to continuously monitor and control ICT systems and to use mechanisms that preserve the authenticity, integrity, and confidentiality of data, including secure means of data transfer. How PhishFence supports each:
Secure means of data transfer (Art. 9(3))
SPF, DKIM, and DMARC authenticate the sending domain, and MTA-STS (with TLS-RPT for failure reporting) enforces and monitors TLS encryption in transit; together they support the duty to use secure means of transferring data. The enforcement wizard guides DMARC from p=none to p=reject. Evidence: per-domain rollout history with timestamped policy transitions.
Continuous monitoring and control (Art. 9(1))
Hourly domain scans, continuous DMARC aggregate-report ingestion, and Certificate Transparency log monitoring support the duty to continuously monitor ICT security on the email channel. Evidence: scan history with timestamps that demonstrate ongoing operation, not point-in-time checks.
Authenticity and integrity of data (Art. 9(2))
DKIM signing and DMARC alignment contribute to the authenticity and integrity of email, so a recipient can verify a message genuinely came from your domain and was not altered. Evidence: per-source-IP aggregate report breakdown with alignment results.
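As an added illustration (not PhishFence code), this is how a per-source-IP alignment breakdown is derived from a DMARC aggregate (RUA) report: the report, domains and IPs are constructed, and the aligned verdicts come from the receiver's policy_evaluated element as defined in RFC 7489.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed DMARC aggregate (RUA) report in the RFC 7489 XML schema; the
# domains and IPs are documentation values, not a real receiver's report.
SAMPLE_RUA_XML = """<?xml version="1.0"?>
<feedback>
 <policy_published><domain>bank.example</domain><adkim>r</adkim><aspf>r</aspf><p>quarantine</p></policy_published>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>120</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>bank.example</header_from></identifiers>
  <auth_results><dkim><domain>bank.example</domain><result>pass</result></dkim>
   <spf><domain>bank.example</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>15</count>
   <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>bank.example</header_from></identifiers>
  <auth_results><spf><domain>bulk-sender.example</domain><result>pass</result></spf></auth_results>
 </record>
</feedback>"""


def per_source_breakdown(xml_text):
    """Summarise a RUA report per sending IP.

    <policy_evaluated><dkim>/<spf> are the receiver's *aligned* verdicts, so
    DMARC passes when either is 'pass'. A raw SPF pass in <auth_results> that
    is not aligned is counted separately: typically a third party sending
    with its own bounce domain, which DMARC does not credit to your domain.
    """
    out = defaultdict(lambda: {"messages": 0, "dmarc_pass": 0, "dmarc_fail": 0,
                               "unaligned_spf_pass": 0, "dispositions": set()})
    for rec in ET.fromstring(xml_text).iter("record"):
        row = rec.find("row")
        ip, count = row.findtext("source_ip"), int(row.findtext("count"))
        pe = row.find("policy_evaluated")
        spf_aligned = pe.findtext("spf") == "pass"
        aligned = pe.findtext("dkim") == "pass" or spf_aligned
        auth = rec.find("auth_results")
        raw_spf_pass = auth is not None and any(
            s.findtext("result") == "pass" for s in auth.findall("spf"))
        entry = out[ip]
        entry["messages"] += count
        entry["dmarc_pass" if aligned else "dmarc_fail"] += count
        if raw_spf_pass and not spf_aligned:
            entry["unaligned_spf_pass"] += count
        entry["dispositions"].add(pe.findtext("disposition"))
    return dict(out)
```

The unaligned_spf_pass count is the figure worth watching before moving to p=reject: it identifies legitimate third-party senders that will start failing DMARC until they sign with your DKIM key or use an aligned return-path domain.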
Impersonation detection
Lookalike and typosquat domain monitoring surfaces impersonation of the financial entity within minutes of a malicious registration appearing in DNS or in Certificate Transparency logs. Evidence: timestamped alert log retained for the audit window.
Article 28. ICT third-party risk (where PhishFence is your provider)
Article 28 applies where PhishFence is your third-party ICT provider. In that case the audit trail and continuous monitoring help evidence how ICT third-party risk on the email channel is managed (Art. 28(1)), and the observed authentication posture helps evidence that appropriate information-security standards are in place (Art. 28(5)).
This article does not apply when PhishFence is simply a monitoring tool you operate yourself. We present it conditionally so the mapping stays accurate to your relationship with us.
Evidence pack for your supervisor
The compliance evidence pack (one click on the dashboard) includes:
- Email-authentication posture: SPF, DKIM, DMARC with enforcement stage
- Transport and domain health: MTA-STS, TLS-RPT, certificate and registration expiry
- Brand-protection monitoring status with the open lookalike-alert count
- A summarised, PII-free audit trail of control-relevant activity
- A per-control mapping of the observed posture to DORA Articles 9 and 28
Every row in the mapping says how the posture supports or contributes to a control. It does not certify DORA compliance.
Preparing for a DORA review?
Sign up free, monitor your domain in 60 seconds, and have an evidence-ready email posture before your next supervisory review.
PhishFence is not a legal or compliance advisor and does not perform DORA assessments. We provide controls and evidence; the determination of DORA compliance is for you, your legal team, and your supervisor. Statements above describe how PhishFence outputs support DORA Articles 9 and 28; the application of DORA to your entity governs.