We’ve all seen this TV trope a thousand times: the main character slips past a sleeping security guard into an important, seemingly-protected area. Spammers and malicious email senders work the same way–they take advantage of email gatekeepers that are not doing enough.
Find out why older authentication protocols like SPF and DKIM are no longer able to keep out spam and fraudulent emails and how DMARC gets your emails delivered more often.
Why Email Authentication Protocols Matter
A decade ago, Paypal had a PR nightmare with fraudulent emails sent on their behalf. Once a fraudulent email reaches an inbox, the sending domain’s name is sullied. Email authentication protocols SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) failed to protect Paypal’s recipients from getting the fake Paypal emails.
In 2007 Paypal worked with Yahoo! Mail and then with Gmail to adopt DMARC (Domain-based Message Authentication Reporting and Conformance), an email authentication protocol that builds upon the framework SPF and DKIM established for email sender verification.
To create these higher-level email authentication protocols both the sender (organization, email marketer) and the receiver (Gmail, Yahoo!, Outlook) communicate with each other for better email verification. This in turn creates better email deliverability because fewer good email bounce back and recipients know that what they are receiving from the domain can be trusted.
In other words, email authentication keeps the spam and fraudulent emails out, and helps the entire email exchange system work more smoothly.
SPF and DKIM and Identifier Alignment
The only two email authentication protocols employed pre-Paypal fraud days were SPF and DKIM.
- SPF essentially makes sure that the email sender’s IP addresses are verified in the DNS
Once a brand has IP address verification, the emails are allowed to pass through. SPF authentication protocols make sure that the RFC5321.MailFrom “(envelope sender”) and the RFC5322.From (“friendly sender”, i.e. what shows in the recipient’s from field) match. If they do not align, the email does not go through.
- DKIM puts the onus of verification ability on the sending organization and verifies the email sender through cryptographic authentication of the sending addresses
DKIM authentication protocols verify that the “friendly sender” and the domain in the email signature (d=) are the same.
SPF and DKIM rely on alignment of the identifiers given. These protocols are still necessary today, but not sufficient alone as both protection (for sender and recipient) and deliverability aids.
How DMARC Works
SPF and DKIM are the fence and gate that keep out obvious intruders. DMARC is the lock and the team of security experts that make sure the fence and gate work well to keep out unwanted emails.
DMARC’s overview of the authentication protocol breaks the process down like this:
- Deploy DKIM and SPF
If it hasn’t become clear yet, DKIM and SPF are the bare minimum email marketers must use to protect their brand and recipients through DKIM and SPF authentication protocols.
- Make sure your mailers have DKIM and SPF authentication alignment
If your identifiers do not match, the email will not go through to the intended email recipient.
- Publish a DMARC record with the “none” flag set for the policies, which requests data reports
This is where DMARC raises the level of authentication from its predecessors SPF and DKIM.
- Analyze the data and modify your mail streams as appropriate
DMARC gives you insight into why your SPF and DKIM identifiers are not aligned and how to fix it for better deliverability.
- Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience
Since you can adjust and correct course in your email marketing with DMARC’s feedback, you are able to get better results and gain your recipients’ trust as a brand.
How DMARC Increases Deliverability
Using DMARC has three main benefits for your email marketing ROI:
- It protect your sending domain
- It protects your subscribers
- It improves inbox placement
The fewer emails that go into the junk folder, the better for your IP reputation and deliverability rates. Once you build a brand, you want to ensure your recipients continue to trust the sender and augment open rates.