Early in 2018, the Domain-based Message Authentication, Reporting, and Conformance (DMARC) regulations were passed. Although they were specifically designed under European laws, they impact any company that does business with and sends emails to European consumers.
If you have customers from all over the world, then you need to ensure your company is following proper DMARC protocol. Let’s take a dive into what DMARC does and review a few tips and guidelines on how to protect your company.
What does DMARC do?
With email spoofing and phishing scams, criminals have found new ways to exploit the trust of email users. Technology allows them to simply add a logo and a link to an email and send it out, and sadly, most users won’t know it’s a fake. This opens the door for criminals to steal personal information from consumers.
DMARC helps email senders (marketers) and customers to work together, protecting both users and brands from any criminal activity. The requirements establish a set of rules that help email providers review and validate emails, ensuring they are legitimate and not spam before they land in the user’s inbox.
The standards and requirements outlined by DMARC establish a method of email authentication, giving consumers the peace of mind that any marketing email they receive is really from who it says it’s from. They also protect marketers by ensuring their emails land in the inbox instead of the spam folder, where a user would be unlikely to see them.
Tips for Implementing DMARC
If you built your website on a hosted provider, such as GoDaddy or WordPress, then you need only log in and follow the help cues. They will guide you through everything you need to do.
If you are on a platform you own and host yourself, then we recommend you follow the guide provided by eSecurity Planet for the steps to set up your DMARC compliance efforts.
A few additional tips or items to consider while you are creating and implementing your DMARC policies and protocol:
- Establish a DMARC policy and get buy-in at the corporate level.
- Connect with an email deliverability company to test emails before they go out and to help analyze your incoming DMARC data.
- Start at the policy level to confirm that SPF and DKIM are set up correctly.
- Make sure your subdomains are marked with “sp” tags.
- Implement DMARC policies of “reject” on domains not in use for email messaging.
- If you are working with any third-party senders, define a protocol and ensure you are both covered and following DMARC requirements.
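
Several of the tips above (a valid policy, an explicit “sp” tag for subdomains, “reject” on domains not used for email, and a reporting address so there is incoming DMARC data to analyze) can be checked automatically against the TXT record published at `_dmarc.<domain>`. The Python code below is an added example, not code from the original article; the domain names and record strings are constructed samples and the finding messages are this example's own wording.

```python
# Added example: audit DMARC TXT records against the tips listed above.
# Domains and record strings are constructed samples, not real DNS lookups.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record (tag=value pairs separated by ';')."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt, sends_mail=True):
    """Return findings for one record; an empty list means it passed."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    # v=DMARC1 must be the first tag or receivers ignore the record
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        findings.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("missing or invalid p= policy")
    # Without sp=, subdomains inherit the p= policy
    if "sp" not in tags:
        findings.append("no sp= tag: subdomains inherit p=")
    elif tags["sp"].lower() not in VALID_POLICIES:
        findings.append("invalid sp= policy")
    if not sends_mail and policy != "reject":
        findings.append("non-sending domain should publish p=reject")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

SAMPLES = {  # domain: (record, sends_mail)
    "example.com": ("v=DMARC1; p=quarantine; sp=reject; rua=mailto:dmarc@example.com", True),
    "parked.example": ("v=DMARC1; p=none", False),
}

if __name__ == "__main__":
    for domain, (record, sends) in SAMPLES.items():
        print(domain, audit_dmarc(record, sends) or "ok")
```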