The Verizon Data Breach Investigations Report (DBIR) 2017 found that around 90% of breaches occur due to phishing, which is aided by successful email spoofing. Companies allowing spoofed emails from their domain are more likely to fall victim to phishing attacks. The release of VRT 1.6 includes changes to internal SSRF and how email spoofing is rated, with a focus on the baselines around SPF and DMARC. Major email providers have moved away from the SPF standard and now rely on DMARC, making it essential for companies to set up DMARC on their email domains to prevent spoofed emails from landing in inboxes. The VRT has updated its classification levels for email spoofing to P3/P4 and P5, reflecting the growing concern around this issue and encouraging companies to take action to protect themselves.