For businesses today, it is vital that emails, whether for marketing or other purposes, get delivered to your customers. If they get blocked or sent to spam, potential revenue is lost and important messages aren’t received. However, with the rise in spoofing and phishing, email providers like Google and Yahoo are implementing tighter rules. If you’re a bulk sender to these providers and don’t comply with their new DMARC rules by 1 April 2024, the deliverability of your emails may be affected. Here we look at what DMARC is, why it is important and how to implement it.
Understanding DMARC
Domain-based Message Authentication, Reporting & Conformance, DMARC for short, is an email security protocol that enables recipient servers to verify that your email is legitimate. The protocol uses two existing verification methods, the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF identifies the servers and services that have been authorised to send your emails, while DKIM verifies that the content of your messages has not been interfered with. At the same time, DMARC allows you to tell receiving servers how to handle emails that fail these checks.
When you send an email, the SPF and DKIM records in your DNS can be used by the recipient to verify your identity. If the email fails verification, your DMARC policy instructs the recipient server on whether to accept the email, quarantine it or block it completely. You will also be provided with a report informing you of how your emails are being handled so you can identify unauthorised use of your domain.
Compliance requirements by Google and Yahoo
Google and Yahoo tightened their email verification rules on 1 Feb 2024, and from 1 April 2024 senders that do not comply will see a percentage of their unverified emails blocked. Over time, this percentage will increase.
To comply with Google and Yahoo, all businesses that send more than 5,000 emails a day to either of these service providers must have a DMARC policy in place. The policy must also align with either the SPF or the DKIM framework. Additionally, from 1 June 2024, all marketing emails must contain a one-click unsubscribe link or button.
Failure to comply means your emails could see reduced deliverability on the Gmail and Yahoo platforms with the rate of rejection increasing over time.
Benefits of DMARC compliance
Complying with DMARC brings a number of important benefits. Firstly, it ensures that your emails are not going to be rejected or filtered into spam folders, ensuring that your marketing campaigns aren’t affected and that important communications are received by your customers.
Equally important is that it helps receiving email servers to better understand which emails using your domain are genuinely from you and which have been spoofed. This helps them block phishing and other malicious emails from arriving in your customers’ inboxes while purporting to have come directly from you. As a result, fewer of your customers will be defrauded by cybercriminals or see their devices infected with malware. What’s more, as spoof emails make unauthorised use of your domain name, eradicating them is vital to protecting your business’s reputation and customer trust.
Finally, with DMARC implemented, you’ll also receive reports that give insights into your email traffic. This can be helpful in implementing security measures to prevent further incidents of spoofing.
Step-by-step DMARC implementation
Setting up DMARC can be tricky and requires some technical know-how. To help, here is a step-by-step guide.
- Ensure SPF and DKIM are set up. Before you can implement DMARC, you need to make sure that the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are correctly configured for your domain. DMARC will need these to authenticate your emails.
- Create a DMARC record. This is the most challenging aspect of the process as you will need to create a TXT record and save it in your domain’s DNS in the control panel. Its function is to specify the DMARC policies which tell receiving mail servers how to handle emails that don’t comply. The TXT record can be quite complex to create as there are a range of different parameters that can be included, depending on the specific nature of your email set-up and the choice of policy for non-compliant mail. There are online tools you can use to help you create an accurate DMARC TXT record, or you can use the services of a professional consultant who will carry out the task for you.
With regard to policy options, there are three to choose from: ‘none’, ‘quarantine’ and ‘reject’. The ‘none’ option tells the receiving email server to take no action with unverified emails, ‘quarantine’ tells the recipient to quarantine them, and ‘reject’ advises that they are blocked. To comply with Google and Yahoo’s DMARC rules, you only need to have a policy in place; there is no requirement for which option you choose. However, the safest choice is to opt for ‘none’ as this will result in fewer of your emails potentially being rejected and give you the option to monitor them.
Once you have completed the TXT record, publishing it in your domain’s DNS will make it available to email servers who can then use it to validate your emails.
- Analyse reports. With DMARC set up, you’ll receive two sets of reports from receiving mail servers: aggregate reports (RUA) and forensic reports (RUF). You can use these to find information about emails which pass and fail DMARC checks. This can tell you about unauthorised emails using your domain and whether you need to enforce a stricter ‘quarantine’ or ‘reject’ policy. At the same time, you can discover if any legitimate emails are getting blocked and update your SPF or DKIM accordingly to prevent this.
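The TXT record from the "Create a DMARC record" step can be checked before it is published. The linter below is an added example, not part of the original article; the sample records and example.com addresses are constructed, and the function names are hypothetical.

```python
# Added example: lint a DMARC TXT record before publishing it at _dmarc.<your domain>.
VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample records (example.com addresses are placeholders).
GOOD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
WRONG_ORDER = "p=reject; v=DMARC1; pct=150"
BAD_VALUES = "v=DMARC1; p=monitor; rua=dmarc-reports@example.com"

def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def lint_dmarc(txt):
    """Return a list of problems; an empty list means the record is usable."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # Receivers ignore a record whose first tag is not v=DMARC1.
    if "".join(txt.split(";")[0].split()) != "v=DMARC1":
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        problems.append("p must be none, quarantine or reject")
    # Without rua no aggregate reports are sent, so there is nothing to monitor.
    for uri in tags.get("rua", "").split(","):
        if not uri.strip().lower().startswith("mailto:"):
            problems.append("rua missing or not a mailto: address")
            break
    pct = tags.get("pct", "100")
    if not (pct.isdecimal() and 0 <= int(pct) <= 100):
        problems.append("pct must be a whole number from 0 to 100")
    return problems

if __name__ == "__main__":
    for record in (GOOD, WRONG_ORDER, BAD_VALUES):
        print(record, "->", lint_dmarc(record) or "OK")
```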
Authentication alignment
Google and Yahoo require your DMARC record to align with your SPF or DKIM. To ensure this is in place, firstly, make sure your SPF record includes all the IP addresses which are authorised to send emails on behalf of your domain, including any third-party services you use. Secondly, check that your DKIM is signing emails correctly. Finally, check that your DMARC policy is set to require alignment.
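The alignment check described above, as an added example that is not from the original article. It assumes a simplified organisational-domain rule (real receivers use the Public Suffix List); the suffix set, domain names and function names are constructed, while aspf and adkim are the DMARC tags that select relaxed ("r") or strict ("s") alignment.

```python
# Added example: DMARC identifier alignment between the From: domain and the
# domains authenticated by SPF (envelope sender) and DKIM (d= in the signature).
# Simplification: real receivers find the organisational domain with the
# Public Suffix List; this constructed set only covers a few suffixes.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}

def org_domain(domain):
    """Approximate the organisational domain, e.g. mail.example.co.uk -> example.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' (relaxed): same organisational domain; 's' (strict): exact match."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)

def dmarc_pass(from_domain, spf_result, spf_domain, dkim_result, dkim_domain,
               aspf="r", adkim="r"):
    """DMARC passes if SPF or DKIM both passes and is aligned with From:."""
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, aspf)
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, adkim)
    return spf_ok or dkim_ok

# Constructed case: mail sent through a third-party service. SPF passes, but
# for the service's own bounce domain, so only the DKIM signature can align.
VIA_THIRD_PARTY = dict(from_domain="example.co.uk",
                       spf_result="pass", spf_domain="bounce.esp-mail.example",
                       dkim_result="pass", dkim_domain="mail.example.co.uk")

if __name__ == "__main__":
    print("relaxed:", dmarc_pass(**VIA_THIRD_PARTY))
    print("strict DKIM:", dmarc_pass(**VIA_THIRD_PARTY, adkim="s"))
    no_dkim = dict(VIA_THIRD_PARTY, dkim_result="none")
    print("SPF only, unaligned:", dmarc_pass(**no_dkim))
```

The last case is the common deliverability trap: SPF reports "pass", yet DMARC fails because the domain that passed is not the one in the From: header.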
Common challenges in DMARC implementation
Aside from the technical challenges of creating the DMARC TXT record, there are a number of other issues that can affect the implementation. If you have incorrectly configured SPF and DKIM records, for example, then legitimate emails can fail authentication checks and end up being blocked. Regularly checking your SPF and DKIM records to ensure they are accurate can help remove any problems with deliverability.
Another challenge for businesses with limited technical experience is that DMARC reports can be difficult to interpret, making it harder for you to spot issues. One way around this is to make use of third-party DMARC reporting tools. These can provide user-friendly interfaces that make the information easier to understand.
Conclusion
From April 1, 2024, bulk senders of emails will need to implement DMARC to comply with Google and Yahoo’s new rules and avoid potential deliverability issues. From reading this article, you should now have a better understanding of what DMARC is, its importance and, crucially, how to implement it.
Keep your email contents secure and protect your customers from phishing and other malicious emails with Email Signing Certificates.