What marketers need to know about DMARC
Is your knowledge of DMARC somewhat murky? You're not alone. Columnist Jason Warnock walks you through the ins and outs of DMARC and how it can benefit your brand.
Last month, reports surfaced that Google and Microsoft this year plan to update their policies related to DMARC (Domain-based Message Authentication, Reporting & Conformance), a change that could cause some brands’ deliverability rates to plummet.
Change is coming. DMARC authentication is becoming an important part of the email marketing landscape, and if marketers aren’t up to speed, it could spell disaster for their brands.
What is DMARC?
Our research shows that on any given day, 146 million fraudulent emails are sent to internet users around the world. To counter phishing attempts and other scams, the email industry created DMARC, an authentication technology that prevents fraudulent emails from reaching users’ inboxes.
DMARC works by equipping email recipients with the ability to determine if an email has originated from a legitimate sender. With DMARC technology in place, senders can notify recipients that their messages are protected by SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) standards.
If emails fail the authentication process, users are instructed how to proceed, eliminating their exposure to fraudulent messages. Since recipients can also report back to the sender about received messages, legitimate senders gain insights about spoofing attempts and the reasons behind failed message deliveries.
In essence, DMARC is an effective technology for ensuring the validity of the “from” field in a message header. Fraudsters are less likely to target brands that use DMARC, and those that do are typically unsuccessful.
DMARC and ISPs
DMARC policies were pioneered by PayPal in 2007. The payment provider then developed email authentication technologies in partnership with major internet service providers (ISPs). The authentication methodology quickly spread to other online companies and became a primary tool for countering spoofed domain email attacks.
In 2015, 35 percent of the messages received by large mailbox providers were protected by DMARC authentication — a percentage that continues to rise as more and more service providers embrace the DMARC standard.
Major ISPs like Yahoo, AOL, Google and Microsoft are either using or will use DMARC to authenticate their domains and neutralize phishing attacks.
But DMARC policies mean that ostensibly, only the ISPs can send email marketing materials from their domains. So the upcoming policy changes from Google and Microsoft could make it difficult for marketers to execute email campaigns from Gmail, Hotmail, Outlook, Live and MSN email accounts.
As DMARC policies become more widespread, brands must begin sending emails from their own domains. But even that’s not enough. To counter the ever-present threat of fraudulent activity, brands will need to consider implementing DMARC authentication, if they haven’t done so already.
How DMARC benefits brands
These days, phishing and spoofing scams are a fact of life for brands and consumers. For example, in the financial sector, banks have been hit hard by phishing scams that distribute convincing emails to consumers, asking them to provide financial account information and PIN numbers.
Ecommerce is another industry that experiences a high volume of fraudulent email attempts. Online shoppers regularly receive emails that invite them to click a malicious link or enter account login credentials and credit card information.
In many cases, phishing scam victims are older adults who don’t fully understand the risks. With record numbers of baby boomers using the internet for shopping and financial transactions, it’s more important than ever for brands to aggressively protect their customers from fraudulent activities.
DMARC authentication mitigates the threat of phishing scams by displaying brand icons when messages arrive in user inboxes and other measures that ensure branded emails have actually been sent by the brand.
Additional benefits of DMARC authentication include:
- Improved deliverability. Deliverability is a prerequisite for email marketing success. When implemented on the brand’s domain, DMARC authentication improves deliverability rates and increases the likelihood that brand messages will be seen by the right people at the right times.
- Increased confidence. Consumers don’t trust brands that experience frequent security issues. When customers have to constantly reset their account information due to spoofing or other attacks, they lose faith in the brand. DMARC authentication restores trust and strengthens brand relationships by eliminating incidents of email-based fraud.
- Better engagement. The payoff for increased customer confidence is engagement. In an online environment where security threats are an everyday occurrence, brands that consistently deliver safe email marketing campaigns are rewarded with more clicks, conversions and purchases.
- Total visibility. DMARC technology also allows marketers to monitor how the brand is being used across the internet. If an unauthorized sender spoofs the brand or sends emails disguised as brand content, you’ll know about it. As a result, marketers that use DMARC authentication enjoy greater control and can proactively address fraudulent activity when it occurs.
Email-based scams aren’t going away any time soon. By understanding DMARC authentication and implementing it on their domains, marketers can protect both their brands and their customers from common email scams.
Even better, DMARC authentication helps marketers strengthen relationships with customers and achieve important advantages in today’s increasingly hazardous digital marketplace.
Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.