Email authentication

How DMARC can improve email deliverability and domain reputation

Can DMARC improve my email deliverability? Will my domain reputation improve by placing a DMARC record? In this article we will answer these questions.

What is DMARC?

DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system designed to protect domains from being used for email spoofing, phishing scams and other cybercrimes. DMARC leverages the existing email authentication techniques SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). However, DMARC adds an important function: reporting. When a domain owner publishes a DMARC record into their DNS record, they will gain insight into who is sending email on behalf of their domain. This information can be used to get detailed information about the email channel. With this information a domain owner can get in control over the email sent on his behalf. It is possible to use DMARC to protect domains against abuse, in phishing or spoofing attacks by enforcing the DMARC policy.

As a domain owner you want to be sure that customers and suppliers only receive emails from legitimate sources that are allowed to send email on behalf of your domain. Therefore, DMARC is a must for every domain owner. Securing the email channel with DMARC gives email receivers certainty whether an email is legitimate and is originating from your domain.

Please refer to the following article about what is DMARC, for more information about DMARC.

DMARC misunderstandings related to email deliverability and domain reputation

It is good to mention that DMARC is no ‘Silver Bullet’ for instantly improving email deliverability and domain reputation. Also DMARC is not a solution for (instantly) removing domains or IPs from spam filters or abuse reporting websites. However DMARC can definitely have a positive impact on email deliverability and domain reputation.

How does DMARC influence email deliverability and domain reputation?

  1. By publishing a DMARC record
    In order to use DMARC, a DMARC record has to be published within the DNS record of the domain for which DMARC will be deployed. By placing a DMARC record, a domain owner requests ISP’s (which support DMARC) to send feedback on the emails which they receive for that domain. This already indicates receivers that an organization (domain) wants to improve their email authentication.
  2. By using the DMARC results to improve the authentication results
    When a DMARC record is published, valuable DMARC reports which give insight into the email channel will be received. The DMARC reports show which sources and IPs send out email on behalf of a domain, it also provides insight into the results of the SPF and DKIM verification. By studying these results a domain owner can start to properly set up and improve the SPF and DKIM verification on these mails, in our article about alignment we describe what alignment is and how to improve it. Working on improving the authentication of emails by improving SPF and DKIM verification will increase the trustworthiness of a domain. This can lead to ISPs being more willing to place emails in the primary inbox of the receiver and therefore this can improve email deliverability.
  3. By enforcing the DMARC policy
    When SPF and DKIM are set up correctly, a domain owner can start with enforcing a DMARC policy. The DMARC policy can then be enforced in small steps to quarantine and eventually to a 100% reject policy. Enforcing the DMARC policy will mitigate the impact of malicious emails that are sent on behalf of the domain, spoofing can be prevented this way. Enforcing the DMARC policy shows ISPs that a domain owner puts a lot of effort in securing the email channel and that receivers can rely on emails originating from the domain. This can lead to ISPs being more willing to place emails in the primary inbox and can help to improve domain reputation.

To conclude, DMARC can have positive influence on email deliverability when a domain owner further improves the authentication of its emails. As mentioned, DMARC is no ‘Silver Bullet’, for improved email deliverability it is still required to work on engagement and keep track of IP reputation after deploying DMARC.