DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol developed to protect against phishing and spoofing attempts. It’s built on top of two existing mechanisms: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), and it prevent criminals from sending emails that appear to be from legitimate companies by falsifying the sender address.
Using DMARC allows a sender to demonstrate that an email is protected by SPF and/or DKIM, which tells the receiver of the message what to do if these authentication methods fail (e.g. filtering it as junk or completely reject it). Hence DMARC assists in handling these failed messages and by doing so, it aids in limiting the user’s exposure to fraudulent and harmful messages. Further, DMARC also facilitates for the email receiver to report back to the sender when messages pass or fail the DMARC authentication.
Infographic from dmarc.org
A new study by email security company ValiMail, confirms what phishers and online criminals already knew: most companies fail to authenticate their emails with DMARC. It doesn’t matter if we’re looking at companies on the Fortune 500, S&P 500, or if it’s a SME; companies fail to correctly authenticate emails with DMARC across the board. In fact, the study reveals that the failure rates across company sizes range from 62% to 80%, which should be a huge slap in the face for large enterprises considering how easy it is to set up.
As long as companies continue to neglects security aspects such as DMARC, there will always be criminals taking advantage of the situation. Thus, it’s crucial to check if your company is at risk, no matter if you work in a small or a multinational company.
DMARC policies are available to everyone, and published in the public Domain Name System (DNS). It takes around 15 minutes to set up, and your first step is to add SPF and DKIM before adding a DMARC record.
You can easily test whether your organization’s domain names have been authenticated properly by using ValiMail’s free online tool. If you find that your domains are not authenticated, make sure you give your ESP representative a call to discuss how to get it resolved sooner rather than later.
It’s in everyone’s interest that as many as possible adopt to the DMARC protocol standards. When companies start adopting DMARC and prioritize email safety, it will reduce or even end online fraud attempts such as email phishing.
This will help bringing back the trust in email marketing, and benefit the entire industry. So, next up on your to-do-list? Yes – check if your company use DMARC Authentication.
———————
About the author
Anders Hampf
Senior Online Marketing Manager
Anders has been working with online marketing for the last decade and is specialized in online monetization and email marketing. He has helped numerous companies to monetize their sites and come up with customized solution for his clients.
What does a 2015 e-commerce strategy look like for brands? Well according the Melbourne Online Retailer and ecommerce conference held last week, ecommerce strategies involve smart marketing, should be all encompassing, and including a plethora of solutions and services. All of this combined helps to ensure that brands are competitive in this modern day ecommerce […]
After more than 6 years of experience, I get the same question again and again: How can we engage our email lists from the initial subscription and convert them all the way through to loyal customers? For that reason, we joined last week a a Webinar with Bob Kamal from Lyris HQ who presented on […]
When you start an email campaign, the chances to become a successful campaign depend on many different variables. To keep it simple, our friends from SEJ and HubSpot made this Info-graphic that focuses on 7 points to make sure your results on email campaigns improve: 1. Email clients What are the most used email platforms […]