What is DMARC and why do you need it?

With Google and Yahoo’s new email authentication and spam prevention requirements having come into force earlier this year, DMARC authentication is now essential. From February 2024, top-tier email providers began requiring all senders to authenticate their emails.
June 2024 marks the final step in Google’s “gradual and progressive” timeline for the enforcement of these measures, and all non-compliant traffic will be rejected.
These developments underscore the need for effective email security protocols and policies in every organisation.
What is DMARC and how does it work?
DMARC stands for ‘Domain-based Message Authentication, Reporting, and Conformance’. In short, it’s an email authentication protocol designed to combat email spoofing, phishing, and other forms of email fraud. DMARC works by allowing domain owners to specify policies for handling emails that fail authentication checks (such as SPF and DKIM), which gives senders and receivers a common, streamlined approach. It helps you to protect your brand reputation, enhance email deliverability, and reduce the risk of email-based attacks.
DMARC provides a way for domain owners to:
- Authenticate their emails using existing authentication mechanisms like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
- Specify what action should be taken if an email fails authentication checks, such as sending it to spam, quarantining it for review, or rejecting it.
- Receive reports from the receiver on email authentication failures, which can help identify unauthorised use of your domain, and thus improve overall email security.
What problems does it address?
Email is one of the primary business communication channels, if not the primary one, but the prevalence of phishing and spam poses significant challenges. Cybercriminals exploit email vulnerabilities to compromise sensitive information, impersonate trusted brands, and send unauthorised bulk emails.
A number of methods have been developed over the years to try to identify phishing and spam emails, but they all work in isolation from each other, which leaves recipients vulnerable to fraudulent emails. DMARC attempts to address this by providing a coordinated, standardised method. It also facilitates collaboration between senders and receivers. This is why Yahoo and Google have taken these steps to increase security. We expect the other top-tier providers to follow suit as a result.
Why do you need DMARC?
- By bolstering email security and trust, DMARC helps safeguard both customers and organisations from the impacts of phishing and spam. It reduces the likelihood of unauthorised emails being sent from your domain, protecting your brand reputation.
- In some industries, regulatory compliance mandates the implementation of these measures to protect sensitive information and ensure data privacy. DMARC helps you become compliant.
- You’re more likely to have your legitimate emails delivered to recipients’ inboxes, particularly bulk and marketing emails. Google and Yahoo’s new requirements extend to third-party email service providers that use your domain, such as MailChimp, Campaign Monitor, MailerLite, etc. If you do not have DMARC in place, or they do not pass DMARC requirements, your emails will not be delivered.
Our Infrastructure Support service includes full DMARC compliance as standard. You can check whether your domain currently has DMARC in place by utilising our free DMARC checker tool.
If you do not have DMARC in place, please contact us to discuss adding it to your services.