Business Email Compromise (BEC) Report

Last updated: July 1, 2026

The BEC Report gives you a current snapshot of business email compromise posture across your client base or for a specific client. Unlike the Compliance Summary Report, which tracks events over a selected time frame, the BEC Report reflects the state of your environment right now.


What this report does

The BEC Report evaluates five areas across your domains and inboxes. Run it for all clients to get a portfolio-level view, or scope it to a single client for a detailed breakdown.

The five areas evaluated:

  • SPF: whether domains have a valid Sender Policy Framework record configured

  • DMARC: whether domains have a valid DMARC policy in place

  • MFA: whether inboxes have multi-factor authentication enabled

  • Email Security: whether inboxes are covered by an email security product

  • Insecure Mail Forward Rules: whether any inboxes have forwarding rules that could expose data


Understanding status labels

Each of the five areas is rated using one of three statuses.

  • Good: The control is functioning correctly. Cork sees a clear, positive signal for this asset.

  • Needs Work: The control is missing or has a configuration that could be improved. Cork sees a signal that warrants attention but does not rise to the level of a compliance event.

  • Bad: Cork has identified a definitive non-working configuration. This status corresponds directly to an active compliance event in Cork Vantage.

Bad statuses in the BEC Report map 1:1 to red checkmarks and compliance events visible in the platform. Needs Work statuses are recommendations: they indicate areas worth reviewing and improving, even where a compliance event has not been created.


Domain overview table

Below the summary charts, the report lists each domain with its individual status in each of the five evaluation areas.

  • Scan for Bad statuses. Each one corresponds to a compliance event you can find in Cork Vantage.

  • To investigate, navigate to the client's Risk Insights page, filter to the relevant domain, and expand the compliance event to see full details and resolution steps.

  • Domains showing Bad for DMARC or SPF will have a corresponding red checkmark on their compliance event in the platform.

  • The ESEC, MFA, and Forwarding Rule categories are based on the risk associated with inboxes under the given domain.