MCP Email Security Assessment

MCP-ESA is an executive-level Email Security Assessment that interprets DMARC telemetry into decision-grade posture, formal findings, and trend visibility for security and risk leaders.

Why MCP-ESA exist

The reason I created MCP-ESA and focused on DMARC telemetry is simple. It’s because a customer needed help with what is becoming a common problem for some businesses.

A customer came to me believing their Microsoft 365 environment had been compromised. Customers were forwarding spoofed invoices that appeared to come from legitimate addresses within their domain. From their perspective, email had been “hacked.”

It hadn’t.

Email, like the internet itself, depends on DNS the way humans depend on air. When authentication records are missing or incomplete, spoofing doesn’t require a breach — it requires absence.

In this case, DKIM records were not present. That led to implementing DKIM, followed by DMARC. Once DMARC was enabled, aggregate reports began arriving daily — technically correct, structurally dense, and operationally confusing.

Neither the customer nor I initially knew what to make of them.

That confusion initially led to building a DMARC aggregate reporting application. But over time, a more important realization emerged: the problem wasn’t access to data — it was perspective.

I was looking at individual messages, sources, and percentages — the trees — while the organization needed to understand posture, exposure, and direction — the forest.

MCP-ESA was born from that realization: not to generate more reports, but to provide the decision-grade visibility that executive decision-making actually requires.

What MCP-ESA Produces

• Executive Email Security Posture Score
• Formal Risk Findings (or explicit “No Findings”)
• Trend & Change Assessment across defined windows