Trouble with Emails? DMARC: What You Should Know
While email is a vital personal and business tool, in the past several years, SPAM emails and email phishing attacks have been on the rise, causing major problems for both recipients and senders alike. In fact, some sources have pegged SPAM and phishing emails to account for almost half of the worldwide volume of emails sent on a daily basis.
It's a constant cat-and-mouse game, especially with the advent of AI tools. As a result, email providers are tightening up their filtering systems. In 2024, Yahoo! and Google are both requiring larger email senders to validate their emails using SPF, DKIM and DMARC policies. Smaller companies may feel this doesn't impact them. However, these rules also apply to 3rd party email services like MailChimp, Shopify and the like. Additionally, companies beyond Google and Yahoo! are beginning to reject emails that do not have basic configurations set correctly. The main focus is on SPF, DKIM and DMARC policies.
An SPF (Sender Policy Framework) record is a list of authorized servers that can send mail on your behalf; DKIM (DomainKeys Identified Mail) is a more sophisticated guarantee of authenticity that mail has, in fact, been sent by you and is superior to just SPF as it can be forwarded. DMARC provides direction to receiving email systems on how to process emails that fail SPF and DKIM tests. The DMARC record instructs the receiver to mark those messages as SPAM or to reject the messages entirely.
For email senders, it's critical to set up all three of these tools in order to ensure email deliverability and, perhaps more importantly, protect their domain and company reputation from damage caused by email spoofing, where an unauthorized sender pretends to send emails to the legitimate user's behalf, causing damage to their reputation.
SPF and DKIM are both easily set in the sender's DNS. Once set up, allow some time for the settings to propagate around the Internet and test them with the tools mentioned below.
Once SPF and DKIM are verified, email senders are encouraged to set up DMARC policies. Since it's much more difficult to test the impact of DMARC policies, it's recommended to use a DMARC monitoring site to aid in testing and a gradual roll-out of policies.
Some popular sites for testing SPF and DMARC:
For further information about DMARC policies and tips on how to stop your messages from being automatically marked as spam, please see the resources below:
- https://dmarcian.com/yahoo-and-google-dmarc-required/
- https://support.google.com/a/answer/2466580?hl=en