What is DMARC?
DMARC stands for "Domain-based Message Authentication, Reporting, and Conformance." It's a way of making sure that the emails your brand sends are really from your brand, and not from scammers or spammers.
In short, DMARC is essentially a pass/fail check on whether an email sent from your domain (for example, domain.com) meets the current SPF/DKIM checks, and it determines how inboxes handle any email that fails this check. The handling can vary from “Do Nothing” to “Reject this email”, with the latter of these two options being where most problems can arise.
Here's how it works:
- Sender's Domain: DMARC checks that the domain in the email's From address matches the domain that SPF or DKIM authenticated. This is basically a check to ensure the sender is who they say they are.
- Authentication Methods: DMARC uses two other technologies, called SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to check if the email is real. Think of SPF as checking the return address on a letter, and DKIM as making sure the letter has a special seal to prove it's genuine.
- Policies: With DMARC, you can set up rules to say what should happen if an email doesn't pass the authentication tests. You can choose to reject the email, quarantine it (put it in a spam folder), or just monitor it without taking any action. Keep in mind that the more risk inherent in the email (domain reputation, length of time it’s been sending unverified, content), the more aggressive the inbox provider will be with handling the email.
- Reporting: DMARC keeps track of these emails and sends you reports about what's going on. It's like having a security camera in your house to see who's trying to get in.
For DMARC to work, both in general and within Drip, you must have a Custom Sending Domain set up and properly configured for your domain, because when you first create your Drip account you will be sending unauthenticated email. We have an article with additional information on Custom Sending Domains and the steps to set one up, which can be found here.
Why is DMARC important?
As of February 1st, 2024, Gmail and Yahoo are requiring that all bulk senders send from an authenticated domain and implement additional security measures so bad actors can’t spoof your email address and send under your name. These have long been recommended by Gmail, but are now being required to provide a safer, less spammy inbox for consumers.
Additionally, spammers and phishers are attacking user accounts more frequently these days. By gaining access to passwords, financial records, and other sensitive information, these malicious actors can easily compromise victims’ financial security and safety.
Email is a particularly common target for spoofing. Something as simple as inserting the logo of a major brand into an email or making an email address look similar to a major brand's can trick people into believing they’ve been sent something legitimate.
DMARC works to thwart these kinds of attacks at scale. Realistically, email providers can’t inspect every email that passes through their servers to determine which ones to allow and which ones are security risks. When combined with SPF & DKIM, DMARC is a powerful tool that ensures the security of your emails and protects your subscribers from external threats.
Benefits of DMARC
DMARC records protect your company, your domain, and the people you send to. They can also provide insight into who’s using your email domain to send unauthorized emails. Over time, they will make your email sending more secure while also increasing your company’s sender reputation.