Pinpoint Field Services (888) 530-7592

Most Title Companies Are Missing a 15-Minute Fix That Prevents Wire Fraud

We handle real estate closings for title companies every day. That means we're exchanging emails about signing appointments, document packages, and closing details -- the same kinds of emails that wire fraud attackers impersonate to steal money.

So we decided to look into something. We checked the email security configuration of a couple dozen title companies across the country -- large and small, across multiple states. Specifically, we looked at whether their domains were protected against email spoofing -- the technique where someone sends an email that appears to come from your company, but doesn't.

The results were not good.

What we found

Roughly 30% had no email spoofing protection at all. No DMARC record. Anyone with basic technical knowledge could send an email that looks like it comes from their domain. The recipient -- a borrower, a lender, a real estate agent -- would have no way to tell it's fake.

About 40% had a DMARC record, but it was set to monitoring only. That means they'd turned the feature on but configured it to watch without actually blocking anything. Spoofed emails still land in the recipient's inbox. It's the equivalent of a security camera that records but never alerts anyone.

Only 30% were properly configured with DMARC policies that actively quarantine or reject spoofed emails.

In other words, 70% of the title companies we looked at were either completely unprotected or had a false sense of security.

Why this matters in the title industry

Email spoofing is how most wire fraud starts. The attack is simple: a bad actor sends an email that appears to come from the title company, the lender, or the real estate agent. The email contains wire instructions -- except they're the attacker's wire instructions, not yours. The borrower sends their down payment to the wrong account. The money is gone within hours.

The FBI's Internet Crime Complaint Center has reported hundreds of millions in annual losses from real estate wire fraud. The title industry is one of the most targeted sectors because the transactions are large, time-sensitive, and involve multiple parties communicating by email.

DMARC doesn't prevent all wire fraud. But it prevents the most common entry point: someone impersonating your email domain. Without DMARC enforcement, there is nothing stopping a fraudster from sending an email as closings@yourtitlecompany.com to a borrower with fake wire instructions.

What DMARC actually does

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. In plain terms, it's a DNS record that tells receiving email servers what to do when someone sends an email claiming to be from your domain but isn't authenticated.

There are three policy levels:

p=none -- Monitor only. The record exists, reports are generated, but spoofed emails are still delivered. This is the "security camera with nobody watching" configuration. About 40% of the companies we checked were here.

p=quarantine -- Suspicious emails are sent to spam. This is meaningful protection. The spoofed email still exists but the recipient is unlikely to see it.

p=reject -- Spoofed emails are blocked entirely. They never reach the recipient. This is the strongest protection.

Most email providers -- Gmail, Microsoft 365, Yahoo -- support DMARC and will enforce whichever policy you set. If you set no policy, they have nothing to enforce.

Check yours in 60 seconds

Enter your domain below and we'll show you your results instantly.

Your results will open in a new tab.

You can also check manually at MXToolbox (mxtoolbox.com). Enter your domain, click "MX Lookup," and scroll to the test results. You're looking for two things:

  1. DMARC Record Published -- Is there a green check or a red X?
  2. DMARC Policy -- If the record exists, is it set to quarantine/reject (protected) or none (monitoring only)?

If you see a red X next to DMARC, your domain can be spoofed right now.

How to fix it

The fix is a single DNS record. Your IT person, email administrator, or domain registrar can add it in about 15 minutes.

Step 1: Add a DMARC record in monitoring mode.

Add a TXT record for _dmarc.yourdomain.com with this value:

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; fo=1;

This turns on monitoring without blocking anything. Reports will start arriving at the email address you specify, showing you every service and server sending email on behalf of your domain.

Step 2: Review the reports for 2-4 weeks.

The reports arrive as XML files, which are difficult to read manually. Free tools like Postmark's DMARC monitoring service or Google's DMARC report analyzer will parse them into a readable dashboard. What you're looking for: every legitimate service that sends email from your domain -- your email provider, your CRM, your title production software, your e-fax service, marketing tools. All of these need to be authenticated (SPF and DKIM configured) before you turn on enforcement.

This step matters. If you skip it and go straight to enforcement, you may block legitimate emails from third-party services that send on your behalf. A title company often has five to ten services sending email from their domain -- Qualia or Resware notifications, CRM updates, website contact forms, document signing platforms. All of these need to be accounted for first.

Step 3: Move to enforcement.

Once you've confirmed all legitimate senders are authenticated, change p=none to p=quarantine:

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; fo=1;

That one-word change -- none to quarantine -- is the difference between monitoring a problem and actually preventing it.

After running on quarantine with no issues for a few weeks, you can optionally move to p=reject for the strongest protection.

We fixed our own this week

When we started this research, our own DMARC policy was set to monitoring only -- the same configuration we found at 40% of the companies we checked. We changed it to quarantine. It took five minutes.

We're a signing service, not an IT company. But we handle sensitive closing data for our clients every day, and we think the companies we work with should be protected too.

We work with title companies on closings every day.

If you want a signing service that takes data security as seriously as you do, we'd like to work with you.

Learn how we work with title companies →

Pinpoint Field Services is a mobile notary signing service for title companies, real estate attorneys, and mortgage lenders. We cover real estate closings nationwide.