What is DMARC?
Domain-based Message Authentication, Reporting & Conformance or DMARC is an additional layer of security you can enable for your domain in a few different varying degrees of severity. For anyone who is brand new to email, this is typically not something that we recommend setting up, but as a business matures and is sending more and more emails, this is definitely something to consider as it will ensure that only you can send emails from your domain.
In short, DMARC is essentially a Pass/Fail checker to see if an email sent from your firstname.lastname@example.org is meeting the current SPF/DKIM checks, and will determine how inboxes handle any emails that fail this check. This can vary from “Do Nothing” to “Reject this email”, with the later of these two options being where most problems can arise.
In order for DMARC to work, and to work with Drip, you must have a Custom Sending Domain setup and properly configured for your domain, as when you first create your Drip account you will be sending unauthenticated email. We have an article with additional information on Custom Sending domains and steps on how to set that up which can be found here.
We do not provide instructions on how to setup a DMARC record as this is typically something that you will want to make sure to troubleshoot and work with your Webmaster or IT team to implement in stages. With that being said, Drip does fully integrate and work with DMARC security provided you setup your Custom Sending Domain beforehand.
Benefits and drawbacks of DMARC
DMARC is by no means necessary to use currently, but it does allow you to monitor for emails that may fail authentication, whether those be emails that a tool you forgot about is sending out, or someone else is sending out pretending to be you. These reports are generated and sent to an email address of your choosing which you setup within your DMARC policy record.
Additionally, having additional security setup on your emails does allow your email to be delivered to some more high security networks. If you work within the European region or have customers who use a t-online.de email address, this is one example of a mail network that requires you to use mail authentication (Custom Sending Domains) but may update their policies to require DMARC in the future.
In terms of drawbacks, DMARC when working correctly shouldn’t result in many issues, but due to how DMARC can be setup to reject or mark emails as spam, any new mail source you setup can potentially run into issues if you try to send mails before properly setting everything up. Things like creating a new mailing domain, setting up a new email tool, a new shopping cart that sends mail on your behalf, and similar things like this may run into issues early on during their setup due to not being able to get emails through. Once you have decided to setup a DMARC policy, you will want to communicate with everyone in your company that any tool that sends emails must be properly configured before sending mail.
Tips and tricks if you have DMARC enabled
We heavily recommend starting you with your policy setup as `p=none` for at least the first few weeks while you are getting things setup. This policy level will still generate reports for failed DMARC checks, which you can review, and try to track down where those emails are coming from. Anything that is mission critical for your business should be fixed and adjusted prior to upping your security level.
Once you have all of your emails passing the checks, you can then bump up your policy to either `quarantine` or `reject`. This is ultimately up to you, but whenever you are spinning up a new email tool, you can drop your security level back down to `p=none` to ensure that even if an email fails, it doesn’t get throw out or marked as spam.
In addition to this, it is highly recommended that once you have your setup working well that you refrain from editing your DNS settings, and especially the Drip records for your Custom Sending Domain. Changing these records, or deleting them can cause all email sent to suddenly stop delivering if you have a more prohibitive policy in place. This can disrupt things like order confirmations, abandon carts, etc, which may cause issues with your sales in the short term!
Lastly, it is highly recommend to set your report recipient email to be something that actively gets checked on a regular basis. While you may not need to read these reports daily once things are fully set up, having those reports will allow you to pinpoint when something does go wrong, and what the source is. We would generally advise someone to take a look at these reports once per week until your failure rate is less than 1%, or when any changes are made to your email ecosystem, whether that be how often you are mailing, your content changes, or if you know you are going into a busy period of your year.