Relationship building is at the heart of what email marketing is all about, and that process is one built on mutual trust. However, to establish that trust, your subscribers need to feel that they are secure in their communications with you.
Online communication always poses a level of risk that users need to be aware of, as malicious third parties seek to access and exploit the information of others. Fraudsters commonly engage in email spoofing, in which sender addresses are falsified for nefarious purposes, causing harm to both you and your subscribers.
Read the most significant, most organized volume of information written about email deliverability.
For this reason, you should be aware of the security measures available to you, such as DMARC.
|Want to jump ahead? |
What is DMARC? SPF, DKIM, and DMARC SPF
Implementing DMARC Conclusion
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is an email authentication method that makes it possible to detect phishing attempts and spam. It works by combining the functions of two email authentication protocols, SPF and DKIM, within a single framework.
SPF, DKIM, and DMARC
When it comes to email authentication, there are three main levels: SPF, DKIM, and DMARC. Each of these methods is more stringent than the previous.
Sender Policy Framework, or SPF, is the most fundamental level of authentication in standard use. When enabled, SPF allows receiving mail servers to check the IP address of the sender to see if it has the authorization to send from that domain.
To do this, it leverages the Domain Name System (DNS), checking the SPF record created by the domain owner. This provides a list of authorized IP addresses for the domain. If the sender’s IP address is included in the SPF record, the email will pass the check. If it fails, the email could be rejected or sent to the recipient’s junk folder.
SPF performs a preliminary check of the sender’s IP address, but it does not authenticate the “From” header and is unable to authenticate forwarded messages. For this reason, it is the weakest of the authentication measures listed here.
DomainKeys Identified Mail, or DKIM, provides more thorough authentication than SPF. DKIM identifies forged sender addresses and verifies if an email has been altered in any way while in transit.
When setting up DKIM, the domain owner generates two cryptographic keys. The first is a public key added to the domain’s DNS record. The other, the private key, is used by the sending mail transfer agent.
When sending an email, that mail transfer agent creates a unique text string called a hash value, encrypts it, and places it in the email header. This is called a DKIM signature. The recipient server then uses it to look up the sender domain in the DNS and decrypts the hash value with the public key from the DNS.
At this point, the sender information is checked against the DNS. If the information matches, the message can be delivered to the inbox of the recipient.
Due to its use of encryption, DKIM is a more thorough form of email authentication than SPF. However, neither SPF or DKIM provides specifications as to how emails should be handled when they fail authentication.
Technically, DMARC is not a protocol in itself. However, because it unifies both SPF and DKIM, it is considered the highest level of authentication.
DMARC provides all of the benefits of both protocols within a single framework and allows domain owners to specify how outbound mail should be processed by mailbox providers in the event of an authentication failure.
Much like SPF and DKIM, DMARC uses the DNS. Senders can set up DMARC with a TXT DNS record, specifying one of three distinct policies for handling outbound mail.
The three policies for DMARC are as follows:
- p = none: The server will handle the email as though DMARC were not in effect.
- p = quarantine: The server will allow the email to pass through, but direct it to the recipient’s spam folder.
- p = reject: The server will bounce the email, preventing it from reaching the recipient at all.
The Email Marketing Activity Book for Kids
Implementing DMARC is a relatively straightforward process. Below is a simplified run-down of how you can do it:
- Ensure that your email-sending service supports the authentication methods.
- Set up either SPF, DKIM, or both. One of these is needed at minimum.
- Align the identifiers of the SPF/DKIM-authenticated domain with that of the header address.
- Publish your DMARC record to the DNS.
When operating a business that relies so heavily on mutual trust, security cannot be undervalued. Setting up email authentication with DMARC verifies your identity, improves your reputation with internet service providers, strengthens your relationship with your subscribers, and helps increase your chances of running successful email marketing campaigns.