Case Study
- 8 minutes read
Cybersecurity in real estate: Growthpoint achieves DMARC enforcement
Growthpoint reduces spear phishing and whaling risk for stakeholders
As a B2B real estate leader, Growthpoint Properties knows that email is central to how it communicates with stakeholders. Cybersecurity in real estate is critical, as large transactions, leases, and long-term projects are often negotiated over email. Because the company uses multiple domains and third-party senders, attackers frequently try to spoof Growthpoint in high-value business conversations.
Before DMARC (Domain-based Message Authentication, Reporting, and Conformance) was fully enforced, these domains were more exposed to spear phishing and whaling attacks. Clients, investors, and employees were at greater risk of receiving convincing payment diversion attempts and fraudulent requests that appeared to come from Growthpoint.
About Growthpoint Properties
Growthpoint Properties is a major player in the real estate sector, serving organizations across South Africa, Eastern Europe, and Australia. Its portfolio supports commercial activity across a wide range of industries.
Established in 1987, Growthpoint has grown from an initial listing of 17 properties to South Africa’s largest Real Estate Investment Trust (REIT). Today, over 600 employees support customers with Growthpoint’s Office, Retail, Logistics, Trading & Development, Healthcare, and Student Accommodation offerings.
475
Physical properties
R155B+
In assets
R62B+*
Market capitalization
*As of February 2026.
The challenge
As a B2B company handling large transactions and sensitive information, Growthpoint recognized that its partners, employees, and clients could be appealing targets for cybercriminals.
As they reviewed their email security posture, they identified several issues:
- A misconfigured SPF (Sender Policy Framework) record
- An incorrect DKIM (DomainKeys Identified Mail) record
- A DMARC policy set to p=none (monitoring)
- Ongoing exposure to spear phishing and whaling attempts
- Increased risk of payment diversion and fraudulent requests
- Reduced deliverability of legitimate emails
- Decreased trust in email communication
Requirements
Growthpoint Properties needed a solution that would:
- Provide expert support to help internal teams configure SPF, DKIM, and DMARC correctly, enabling a safe transition to a DMARC policy of p=reject
- Protect customers, investors, and employees by defending against domain spoofing and reducing the risk of targeted attacks
- Improve the deliverability of legitimate email and strengthen stakeholders’ trust in Growthpoint-branded communication
Results
- Simplified management of SPF, DKIM, and DMARC
- Stronger protection against domain spoofing
- Greater assurance for clients, investors, and staff
- Enhanced deliverability and confidence in email
- ️Ongoing monitoring and access to expert guidance
What the client had to say:
“Partnering with Sendmarc gave us clear visibility and control over our email domains. We moved from monitoring to DMARC enforcement with confidence, significantly reducing spoofing and the risk of fraudulent emails impersonating Growthpoint.
The Sendmarc team simplified a complex process and provided the expertise we needed to implement DMARC correctly across multiple domains.”
– Nishlen Moodley | IT Manager
Sendmarc delivers enterprise-grade security
Built for complex environments with multiple domains and third-party platforms, Sendmarc strengthens email security and provides the visibility enterprises need to operate safely. Learn more about how Sendmarc supports enterprises.
