Start your DMARC journey
Edward Tucker
Positive disruptor, transformer, value creator, capability builder, speaker, advisor, rethinker
Here’s something that I think every organisation should do and that is to implement DMARC.
For those who don’t know, DMARC is a standard that allows you to authenticate your genuine email and prevent others (criminals mostly) from abusing your brand by spoofing your domains.
It is not a silver bullet, but it is a good step in protecting your brand, your domain and, most importantly, your customers. This authentication also enables you to track the deliverability of your actual email and to enhance it by improving the reputation of your domain(s).
What DMARC does is bring together existing authentication mechanisms (SPF and DKIM) and enhance them, while adding reporting and conformance to the mix.
To start the journey, you will need to publish a DNS record.
Create a DNS TXT record with a name of _dmarc
The syntax of your initial record should be:
v=DMARC1;p=none;rua=mailto:address@yourdomain
In the record, address@yourdomain should be replaced by a mailbox address at your domain. This mailbox will receive email reports which will allow you to understand which email servers are sending email as your domain. This will include yourself, third-party mail agents and most likely some criminals too. It is recommended to create a mailbox specifically for these reports. For ease you could call it dmarc, giving dmarc@yourdomain. Obviously, the yourdomain part should be replaced by your actual domain name.
Around 48 hours after publishing this record you will start to receive email reports into your dmarc mailbox. These reports should be used to help determine which email servers should be sending emails as your domain and which shouldn’t. From there you can start to take the next steps in your journey.
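As an added example (not part of the original article), the sketch below summarises one aggregate report by sending IP so you can see which sources pass and which never do. It assumes the report attachment has already been decompressed to XML text and carries no XML namespace; the function names, the sample report and yourdomain.example are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout. The IPs are
# documentation ranges and yourdomain.example is a placeholder.
ROW = ("<record><row><source_ip>{ip}</source_ip><count>{n}</count>"
       "<policy_evaluated><disposition>none</disposition>"
       "<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row>"
       "<identifiers><header_from>yourdomain.example</header_from>"
       "</identifiers></record>")
SAMPLE_REPORT = (
    "<feedback><policy_published><domain>yourdomain.example</domain>"
    "<p>none</p></policy_published>"
    + ROW.format(ip="192.0.2.10", n=120, dkim="pass", spf="pass")   # own server
    + ROW.format(ip="198.51.100.7", n=30, dkim="pass", spf="fail")  # DKIM only
    + ROW.format(ip="203.0.113.50", n=45, dkim="fail", spf="fail")  # unauthenticated
    + "</feedback>")

def summarise(report_xml):
    """Per source IP: message count, aligned DKIM/SPF passes, DMARC failures."""
    # Reports come from third parties, so treat them as untrusted input:
    # a genuine report needs no DTD, and refusing one blocks entity tricks.
    if "<!DOCTYPE" in report_xml.upper():
        raise ValueError("DTD not allowed in a DMARC report")
    summary = {}
    for record in ET.fromstring(report_xml).iter("record"):
        row = record.find("row")
        evaluated = row.find("policy_evaluated")
        count = int(row.findtext("count"))
        dkim_ok = evaluated.findtext("dkim") == "pass"
        spf_ok = evaluated.findtext("spf") == "pass"
        entry = summary.setdefault(
            row.findtext("source_ip"),
            {"messages": 0, "dkim": 0, "spf": 0, "dmarc_fail": 0})
        entry["messages"] += count
        entry["dkim"] += count if dkim_ok else 0
        entry["spf"] += count if spf_ok else 0
        # DMARC passes when either aligned mechanism passes.
        entry["dmarc_fail"] += 0 if (dkim_ok or spf_ok) else count
    return summary

def failing_sources(summary):
    """IPs where no message passed DMARC: forgotten senders or spoofers."""
    return sorted(ip for ip, e in summary.items()
                  if e["dmarc_fail"] == e["messages"])

if __name__ == "__main__":
    for ip, entry in summarise(SAMPLE_REPORT).items():
        print(ip, entry)
    print("investigate:", failing_sources(summarise(SAMPLE_REPORT)))
```

A source that passes only on DKIM, like the second row, is typically a legitimate third-party sender that is missing from your SPF record rather than an abuser.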
Interpreting these reports, and figuring out what it all means, can be cumbersome. There are a number of organisations that can help you, and you can also do it yourself with one of several open source tools in this space.
I co-founded one of those organisations in EmailAuth.io, though there are many more and, as I said, open source tools to DIY.
Fully implementing DMARC can be hard, most commonly when it comes to ‘fixing’ a legacy of unloved and uncared-for domains. There is no vendor that can solve that for you. They can help with visualisation and understanding, but you will have to invest time and effort alongside anyone you bring in to help. That investment is worth it though.
The main thing is that DMARC is a very good thing to do. It helps you ensure delivery of your genuine email, whilst also preventing abuse against your brand and customers. It is a win-win in my book.