November 14, 2023
0
 min read

Why marketers should implement a DMARC policy now

Author
Will Boyd
Director, Deliverability Services

Both Gmail and Yahoo have recently announced that starting in February 2024, they will begin requiring more stringent email authentication protections for senders sending more than 5,000 messages daily. For many senders, these changes are nothing new, as this is email best practice.

However, it is important to make sure that you haven’t overlooked anything. Starting in February, senders who want to deliver mail successfully to Gmail and Yahoo will be required to do the following:

  1. Authenticate email messages with SPF and DKIM
  2. Have a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy in place
  3. Include a one-click unsubscribe in their messages
  4. Messages must pass DMARC alignment
  5. Keep spam complaint rates at a reasonable level

For all Simon Mail senders, points 1 and 4 are taken care of. All Simon Mail senders use sending infrastructures that accomplish these functions and ensure compliance. For those Simon Mail senders that utilize Simon to manage email suppressions, compliance with point 3, the 1-click unsubscribe requirement, will be in place before the deadline of June 1, 2024. If you are a Simon Mail sender managing your own suppression lists outside Simon Mail, you should check to make sure you have a proper 1-click unsubscribe mechanism in place.

What Simon Mail can't take care of for senders is the implementation of a DMARC policy and spam complaint control. Both of these elements are firmly in your control.

DMARC is an authentication protocol that helps receivers of your emails, such as Gmail and Yahoo, more accurately fight phishing attacks. All that is initially required for a DMARC implementation is to add a simple TXT record to your domain’s DNS. While there is more to DMARC that we encourage you to explore below, it is strongly recommended to make sure you have at least a bare-bones DMARC policy published via a TXT record in your domain’s DNS.

To be compliant with a bare minimum DMARC policy, you will need to replace {YOUR DOMAIN} with:

DNS Record Type: TXTHost/Name: _DMARC.{YOUR DOMAIN}.comValue: v=DMARC1; p=none; fo=1

Once that record has been added, you are in compliance with the DMARC requirement. However, your DMARC policy is not yet functional and is providing minimal value to your brand.

Why implement a DMARC policy?

You can dig deeper into DMARC, but in this post, I want to highlight the benefits you will see by using this tool to protect your brand’s reputation and outline roughly what this protocol does.

It’s important to know that the bare minimum DMARC policy referenced above is not a functioning DMARC policy. Rather, it is simply ‌the first step toward implementing DMARC fully, as it lacks any way for the brand to receive reports of DMARC failures and does nothing about suspicious messages. A fully implemented DMARC policy should have at least an email address indicated by the rua tag that receives those reports.

When DMARC is fully implemented, it offers many benefits. Let's discuss them below.

Boost your recipient's confidence in your legitimacy

First, it allows domain owners to instruct receivers, such as Gmail and Yahoo, on what to do with messages that do not pass these authentication checks. Brands can use this to tell receivers to quarantine or outright block messages that look suspicious. Domains can even request a report about the failure and let the mailbox provider decide where the message should go — more on that in point 2.

Although DMARC does not guarantee your messages will reach the inbox, it does boost your recipient’s confidence in the legitimacy of your messages while reducing the instances where phishers can successfully impersonate your brand.

Better identify potential authentication issues and phishing attacks

DMARC allows domain owners to receive both aggregate and forensic reports back from receivers, helping them identify potential authentication issues as well as potential phishing attacks using their brand.

Having this insight into whether messages that fail authentication are legitimate messages that you need to address or if they are phishing attacks gives you the confidence you need to move your DMARC policy from reporting mode (p=none) to enforcement mode (p=quarantine or p=reject) without disrupting any legitimate mail delivery. Only when DMARC is in enforcement mode do you receive the true benefits of the protocol.

Access the tools you need to control your brand representation

Finally, a DMARC policy allows senders to participate in or get easier access to other tools and benefits such as BIMI that allows brands to control better how their brand is represented in recipients’ inboxes. Not to mention, it puts brands ahead of the game when it comes time for Gmail and Yahoo (or someone else) to continue increasing their requirements.

As time passes, fully implemented DMARC is surely going to become more and more of a requirement for marketers to deliver mail to recipients’ inboxes. We suggest starting to explore DMARC now if you haven’t already so that you can experience its benefits sooner rather than later and avoid any future fire drills. Let your account manager or customer success team know if you want to learn more about DMARC and its benefits.

Stay in the know!

Subscribe to our monthly newsletter to get the latest CDP and marketing tips, insights, strategies, and more.
* By submitting, you agree to the Terms of Service
and Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.