What is DMARC and why do all email marketers need to know about it?

DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol developed to protect against phishing and spoofing attempts. It’s built on top of two existing mechanisms: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), and it prevent criminals from sending emails that appear to be from legitimate companies by falsifying the sender address.

How does it work?

Using DMARC allows a sender to demonstrate that an email is protected by SPF and/or DKIM, which tells the receiver of the message what to do if these authentication methods fail (e.g. filtering it as junk or completely reject it). Hence DMARC assists in handling these failed messages and by doing so, it aids in limiting the user’s exposure to fraudulent and harmful messages. Further, DMARC also facilitates for the email receiver to report back to the sender when messages pass or fail the DMARC authentication.


Infographic from dmarc.org

Why is it important?

A new study by email security company ValiMail, confirms what phishers and online criminals already knew: most companies fail to authenticate their emails with DMARC. It doesn’t matter if we’re looking at companies on the Fortune 500, S&P 500, or if it’s a SME; companies fail to correctly authenticate emails with DMARC across the board. In fact, the study reveals that the failure rates across company sizes range from 62% to 80%, which should be a huge slap in the face for large enterprises considering how easy it is to set up.

As long as companies continue to neglects security aspects such as DMARC, there will always be criminals taking advantage of the situation. Thus, it’s crucial to check if your company is at risk, no matter if you work in a small or a multinational company.

How to set it up and test if you’re protected

DMARC policies are available to everyone, and published in the public Domain Name System (DNS). It takes around 15 minutes to set up, and your first step is to add SPF and DKIM before adding a DMARC record.

You can easily test whether your organization’s domain names have been authenticated properly by using ValiMail’s free online tool. If you find that your domains are not authenticated, make sure you give your ESP representative a call to discuss how to get it resolved sooner rather than later.

It’s in everyone’s interest that as many as possible adopt to the DMARC protocol standards.  When companies start adopting DMARC and prioritize email safety, it will reduce or even end online fraud attempts such as email phishing.

This will help bringing back the trust in email marketing, and benefit the entire industry. So, next up on your to-do-list? Yes – check if your company use DMARC Authentication.


About the author
Anders Hampf
Senior Online Marketing Manager
Anders has been working with online marketing for the last decade and is specialized in online monetization and email marketing. He has helped numerous companies to monetize their sites and come up with customized solution for his clients.anders-hampf-bnw