Have you ever received an email claiming to be from a specific brand or company, but it clearly wasn’t? Well, you’re not alone. And to prevent these type of “phishy” emails from reaching your inbox, email authentication standards have been put in place. That’s where Domain-based Message Authentication, Reporting & Conformance (DMARC) comes into play.
I’ve asked Jacob Hansen, Deliverability Consultant, at SendGrid to help us better understand DMARC.
What exactly is DMARC?
DMARC is an email protocol that uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to determine the authenticity of an email, or prove that an email is coming from where it claims to be coming from. DMARC was created to prevent phishing, but in turn, due to the complexity of some of its details, it has made it that much more difficult for email marketers to reach the inboxes of their target customers if not implemented correctly.
While many email providers currently have DMARC policies in place, Microsoft and Gmail are expected to update their policies sometime this year, which will directly affect how marketers send email. Under the new policies, no one other than Gmail will be able to send email from an @gmail.com email address, and no one other than Microsoft will be able to send email from @outlook.com, @hotmail.com, @live.com and @msn.com email addresses. Yahoo already has a similar policy in place, and therefore only Yahoo can send email from a @yahoo.com email address.
What does this mean for email marketers?
This means that email marketers can not use Gmail or Microsoft email addresses to send email through an email provider. All email must be sent from an owned domain. In most cases, brands own their own domains, however for smaller brands and companies, if email is sent through a Gmail or Microsoft domain, it will no longer be delivered even if it is wanted mail. Without complying with this update, marketers may see their deliverability rates drop.
Complying with DMARC standards will help marketers control their sending reputations, increase visibility into their programs while keeping mail relevant, and establish consistent policies for dealing with unauthenticated mail.
- Protect your brand. Publishing a DMARC record protects your brand by preventing unauthenticated parties from sending mail from your domain. In some cases, simply setting up a DMARC record can result in a positive reputation bump.
- Increase visibility into your email program. Reviewing and consuming DMARC reports increases visibility into your email program by letting you know who is sending mail from your domain. You’re able to get a better look into who is trying to act like you.
- Establish a consistent policy for unauthenticated mail. DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the marketing email ecosystem as a whole become more secure and more trustworthy.
The takeaway
There is no confirmed date for when Gmail and Microsoft will be updating their policies, they have only specified within this year. But it is a best practice to comply with DMARC regardless if you don’t already. Businesses sending email from a Gmail or Microsoft domain will need to take immediate action to begin sending from an owned domain to ensure the deliverability of their email and success of their email programs. By adhering to DMARC protocols, all brands are setting the standard for authentic email and helping customers receive the mail they want most.
