If you email newsletters and important information to customers and users of your website, then you need to make sure your emails are secure – particularly if you are responsible for the domains of insurance companies, banks, major companies and online stores where email is an essential line of communication.
More and more companies are seeing attempts by outsiders to send phishing or spam mails via their domain name, damaging faith in the company and the company’s brand. False emails are an easy way to steal passwords and credit card details and gain access to user accounts. This is a growing problem for companies, impairing credibility and hindering communication by email.
False emails are a growing problem
It can be difficult for customers and users to distinguish false emails from authentic ones, and it is becoming increasingly difficult for email providers to block all false traffic. It is essential to senders that their emails reach the recipient. Unfortunately, in practice, senders are generally unaware of the problems involved in verification of their emails as they often have no idea which emails fail to reach the recipient and why.
DMARC (Domain-based Message Authentication, Reporting & Conformance) addresses these specific issues.
Secure email communication
DMARC enables you to protect your customers and users of your website against false emails sent from your domain. It helps you ensure that as many people as possible receive your emails and that they won’t be altered en route, land in a spam folder, be rejected or end up in quarantine.
DMARC is an email approval procedure designed to protect against domain spoofing – the practice of sending emails from an unauthorised/false sender through a company’s domain name. DMARC uses the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Message – a signature on the email) protocols to make it easy for mail servers at providers such as Google, Hotmail or Office 365 to verify the sender’s identity and, in doing so, identify any false or potentially harmful emails sent from your domain.
Managing false emails consistently
Each mail server has its own policy for email verification. Consequently, an email through Google may be marked as spam yet land directly in the user’s inbox if it is sent via another provider. With DMARC you can use your own policies to instruct mail servers (via DNS) how to handle false or potentially harmful emails sent from your domain name. By requesting deletion or blocking of certain emails (those not protected by SPF and/or DKIM), you can prevent exposure of users and customers to false email from your domain.
DMARC ensures that all mail servers handle your emails equally when it comes to reporting spam, quarantining or rejecting emails. DMARC will also give you feedback when emails are received and/or blocked. This will give you a better idea of how many of the emails you send actually reach the recipient.
If you have your email on your own domain name, we recommend that you ask whether your provider supports DMARC.