DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol developed to protect against phishing and spoofing attempts. It’s built on top of two existing mechanisms: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), and it prevent criminals from sending emails that appear to be from legitimate companies by falsifying the sender address.
Using DMARC allows a sender to demonstrate that an email is protected by SPF and/or DKIM, which tells the receiver of the message what to do if these authentication methods fail (e.g. filtering it as junk or completely reject it). Hence DMARC assists in handling these failed messages and by doing so, it aids in limiting the user’s exposure to fraudulent and harmful messages. Further, DMARC also facilitates for the email receiver to report back to the sender when messages pass or fail the DMARC authentication.
Infographic from dmarc.org
A new study by email security company ValiMail, confirms what phishers and online criminals already knew: most companies fail to authenticate their emails with DMARC. It doesn’t matter if we’re looking at companies on the Fortune 500, S&P 500, or if it’s a SME; companies fail to correctly authenticate emails with DMARC across the board. In fact, the study reveals that the failure rates across company sizes range from 62% to 80%, which should be a huge slap in the face for large enterprises considering how easy it is to set up.
As long as companies continue to neglects security aspects such as DMARC, there will always be criminals taking advantage of the situation. Thus, it’s crucial to check if your company is at risk, no matter if you work in a small or a multinational company.
DMARC policies are available to everyone, and published in the public Domain Name System (DNS). It takes around 15 minutes to set up, and your first step is to add SPF and DKIM before adding a DMARC record.
You can easily test whether your organization’s domain names have been authenticated properly by using ValiMail’s free online tool. If you find that your domains are not authenticated, make sure you give your ESP representative a call to discuss how to get it resolved sooner rather than later.
It’s in everyone’s interest that as many as possible adopt to the DMARC protocol standards. When companies start adopting DMARC and prioritize email safety, it will reduce or even end online fraud attempts such as email phishing.
This will help bringing back the trust in email marketing, and benefit the entire industry. So, next up on your to-do-list? Yes – check if your company use DMARC Authentication.
———————
About the author
Anders Hampf
Senior Online Marketing Manager
Anders has been working with online marketing for the last decade and is specialized in online monetization and email marketing. He has helped numerous companies to monetize their sites and come up with customized solution for his clients.
[The 3 Key Ingredients for your Customer Acquisition Cake] Customer Acquisition is, perhaps unsurprisingly, just as it sounds… the process of acquiring new customers. Despite the simplicity of the definition, the execution is another story. With increasingly competitive markets and new technologies being developed every year, the options available for the modern business to reach […]
This week Dotmailer, one of the major ESPs, released their annual email marketing report outlining the best and worse of 100 influential global retailers. Below their ranking of the top 10 retail companies for email marketing and customer experience: ASOS Best Buy Asda EasyJet John Lewis J.Crew Holiday Extras New Look Overstock Trainline Left are 90 […]
The digital marketing landscape is ever-changing; we all know this. Keeping ahead of the game can often be put down to who you surround yourself with, not only in person but also online. With this in mind, we have consolidated advice from 5 of the top minds in digital media on how to succeed in […]