DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol developed to protect against phishing and spoofing attempts. It’s built on top of two existing mechanisms: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), and it prevent criminals from sending emails that appear to be from legitimate companies by falsifying the sender address.
Using DMARC allows a sender to demonstrate that an email is protected by SPF and/or DKIM, which tells the receiver of the message what to do if these authentication methods fail (e.g. filtering it as junk or completely reject it). Hence DMARC assists in handling these failed messages and by doing so, it aids in limiting the user’s exposure to fraudulent and harmful messages. Further, DMARC also facilitates for the email receiver to report back to the sender when messages pass or fail the DMARC authentication.
Infographic from dmarc.org
A new study by email security company ValiMail, confirms what phishers and online criminals already knew: most companies fail to authenticate their emails with DMARC. It doesn’t matter if we’re looking at companies on the Fortune 500, S&P 500, or if it’s a SME; companies fail to correctly authenticate emails with DMARC across the board. In fact, the study reveals that the failure rates across company sizes range from 62% to 80%, which should be a huge slap in the face for large enterprises considering how easy it is to set up.
As long as companies continue to neglects security aspects such as DMARC, there will always be criminals taking advantage of the situation. Thus, it’s crucial to check if your company is at risk, no matter if you work in a small or a multinational company.
DMARC policies are available to everyone, and published in the public Domain Name System (DNS). It takes around 15 minutes to set up, and your first step is to add SPF and DKIM before adding a DMARC record.
You can easily test whether your organization’s domain names have been authenticated properly by using ValiMail’s free online tool. If you find that your domains are not authenticated, make sure you give your ESP representative a call to discuss how to get it resolved sooner rather than later.
It’s in everyone’s interest that as many as possible adopt to the DMARC protocol standards. When companies start adopting DMARC and prioritize email safety, it will reduce or even end online fraud attempts such as email phishing.
This will help bringing back the trust in email marketing, and benefit the entire industry. So, next up on your to-do-list? Yes – check if your company use DMARC Authentication.
———————
About the author
Anders Hampf
Senior Online Marketing Manager
Anders has been working with online marketing for the last decade and is specialized in online monetization and email marketing. He has helped numerous companies to monetize their sites and come up with customized solution for his clients.
Email marketers know it already, but it can always come in handy to have fresh stats to throw into the marketing budget discussion. Email again comes out on top of all sales channels when summarizing 2016. The results in eConsultancy’s annual research report are categorically clear; also 2016 email got the highest Return On Investment with 73% of […]
When Barack Obama won the presidential election 8 years ago and became the 44th president of the US, he did it with the help of social media and the ability to spark the young generation of Americans. He appeared on talk shows, spoke with engagement on political change, and he even convinced the ‘Land of […]
I often listen to email marketers complaining about poor email performance, and they explain all the things they do well, including email personalisation and automated email programs. But in the end of the day they don’t get the response they’re after. However, sometimes you need to take one step back before taking two steps forward, […]