Skip to main content

What marketers need to know about DMARC


Last month, reports surfaced that Google and Microsoft this year plan to update their policies related to DMARC (Domain-based Message Authentication, Reporting & Conformance), a change that could cause some brands’ deliverability rates to plummet.

Change is coming. DMARC authentication is becoming an important part of the email marketing landscape, and if marketers aren’t up to speed, it could spell disaster for their brands.

What is DMARC?

Our research shows that on any given day, 146 million fraudulent emails are sent to internet users around the world. To counter phishing attempts and other scams, the email industry created DMARC, an authentication technology that prevents fraudulent emails from reaching users’ inboxes.

DMARC works by equipping email recipients with the ability to determine if an email has originated from a legitimate sender. With DMARC technology in place, senders can notify recipients that their messages are protected by SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) standards.

If emails fail the authentication process, users are instructed how to proceed, eliminating their exposure to fraudulent messages. Since recipients can also report back to the sender about received messages, legitimate senders gain insights about spoofing attempts and the reasons behind failed message deliveries.

In essence, DMARC is an effective technology for ensuring the validity of the “from” field in a message header. Fraudsters are less likely to target brands that use DMARC, and those that do are typically unsuccessful.


DMARC policies were pioneered by PayPal in 2007. The payment provider then developed email authentication technologies in partnership with major internet service providers (ISPs). The authentication methodology quickly spread to other online companies and became a primary tool for countering spoofed domain email attacks.

In 2015, 35 percent of the messages received by large mailbox providers were protected by DMARC authentication — a percentage that continues to rise as more and more service providers embrace the DMARC standard.

Major ISPs like Yahoo, AOL, Google and Microsoft are either using or will use DMARC to authenticate their domains and neutralize phishing attacks.

But DMARC policies mean that ostensibly, only the ISPs can send email marketing materials from their domains. So the upcoming policy changes from Google and Microsoft could make it difficult for marketers to execute email campaigns from Gmail, Hotmail, Outlook, Live and MSN email accounts.

As DMARC policies become more widespread, brands must begin sending emails from their own domains. But even that’s not enough. To counter the ever-present threat of fraudulent activity, brands will need to consider implementing DMARC authentication, if they haven’t done so already.

How DMARC benefits brands

These days, phishing and spoofing scams are a fact of life for brands and consumers. For example, in the financial sector, banks have been hit hard by phishing scams that distribute convincing emails to consumers, asking them to provide financial account information and PIN numbers.

E-commerce is another industry that experiences a high volume of fraudulent email attempts. Online shoppers regularly receive emails that invite them to click a malicious link or enter account login credentials and credit card information.

In many cases, phishing scam victims are older adults who don’t fully understand the risks. With record numbers of baby boomers using the internet for shopping and financial transactions, it’s more important than ever for brands to aggressively protect their customers from fraudulent activities.

DMARC authentication mitigates the threat of phishing scams by displaying brand icons when messages arrive in user inboxes and other measures that ensure branded emails have actually been sent by the brand.

Additional benefits of DMARC authentication include:

  1. Improved deliverability. Deliverability is a prerequisite for email marketing success. When implemented on the brand’s domain, DMARC authentication improves deliverability rates and increases the likelihood that brand messages will be seen by the right people at the right times.
  1. Increased confidence. Consumers don’t trust brands that experience frequent security issues. When customers have to constantly reset their account information due to spoofing or other attacks, they lose faith in the brand. DMARC authentication restores trust and strengthens brand relationships by eliminating incidents of email-based fraud.
  1. Better engagement. The payoff for increased customer confidence is engagement. In an online environment where security threats are an everyday occurrence, brands that consistently deliver safe email marketing campaigns are rewarded with more clicks, conversions and purchases.
  1. Total visibility. DMARC technology also allows marketers to monitor how the brand is being used across the internet. If an unauthorized sender spoofs the brand or sends emails disguised as brand content, you’ll know about it. As a result, marketers that use DMARC authentication enjoy greater control and can proactively address fraudulent activity when it occurs.

Email-based scams aren’t going away any time soon. By understanding DMARC authentication and implementing it on their domains, marketers can protect both their brands and their customers from common email scams.

Even better, DMARC authentication helps marketers strengthen relationships with customers and achieve important advantages in today’s increasingly hazardous digital marketplace.

via Marketing Land


Popular posts from this blog

6 types of negative SEO to watch out for

The threat of negative SEO is remote but daunting. How easy is it to for a competitor to ruin your rankings, and how do you protect your site? But before we start, let’s make sure we’re clear on what negative SEO is, and what it definitely isn’t.Negative SEO is a set of activities aimed at lowering a competitor’s rankings in search results. These activities are more often off-page (e.g., building unnatural links to the site or scraping and reposting its content); but in some cases, they may also involve hacking the site and modifying its content.Negative SEO isn’t the most likely explanation for a sudden ranking drop. Before you decide someone may be deliberately hurting your rankings, factor out the more common reasons for ranking drops. You’ll find a comprehensive list here.Negative off-page SEOThis kind of negative SEO targets the site without internally interfering with it. Here are the most common shapes negative off-page SEO can take.Link farmsOne or two spammy links likely won’…

Another SEO tool drops the word “SEO”

This guest post is by Majestic’s Marketing Director, Dixon Jones, who explains the reasons for their recent name change.
Majestic, the link intelligence database that many SEOs have come to use on a daily basis, has dropped the “SEO” from it’s brand and from its domain name, to become Since most people won’t have used Google’s site migration tool before, here’s what it looks like once you press the “go” button:

In actual fact – there’s a minor bug in the tool. The address change is to the https version of (which GWT makes us register as a separate site) but that message incorrectly omits that. Fortunately, elsewhere in GWT its clear the omission is on Google’s side, not a typo from the SEO. It is most likely that the migration tool was developed before the need for Google to have separate verification codes for http and https versions of the site.
The hidden costs of a name change
There were a few “nay sayers” on Twitter upset that Majestic might be deserting it…

Software Review Site TrustRadius Has A New Way to Treat Reviews Obtained Through Vendors

Online user reviews are the most powerful marketing technique for influencing purchase decisions. But do they accurately represent the views of most users?Today, business software review platform TrustRadius is announcing a new way — called trScore — to handle the bias introduced in reviews by users obtained through the vendor of the reviewed software product. The site says more than two million software buyers visit each year to check out its product reviews.To understand trScore, let’s first look at TrustRadius’ approach.The site says it authenticates all users through their LinkedIn profiles. It also requires users to answer eight to ten questions about the product, in order to weed out users having no familiarity. Additionally, a staff person reads every review before it is posted, and the site says about three percent of reviews are rejected for not meeting guidelines.As for the reviews themselves, TrustRadius puts them into two main buckets: independently-sourced reviews and ven…