DMARC
The other day, I ran across a complaint on Linkedin. “Just saw another email go to the Promotions Folder with DKIM, SPF, and DMARC set up perfectly. Stop telling people this will fix their e-mail problems!” It’s not the first time I’ve heard this, and I can understand why the author is frustrated. But, it’s important not to miss the true point — email authentication will help to improve inbox delivery. Because it does! But there’s a nuanced explanation to go along with that. The devil truly is in the details.Email authentication is fantastic. SPF and DKIM both allow you to set yourself up as YOU in the eyes of mailbox providers — as opposed to just being one of the many clients of ESP or CRM platform X, based on a shared IP address or shared DKIM domain. This is a good thing, but it’s just the start.Setting yourself
This guide describes the process for configuring Sendinblue to send DMARC compliant messages. You will need to configure this source, and others you authorize, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to Sendinblue’s administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Sendinblue for the most complete and accurate information. General informationSendinblue provides a platform to send transactional and marketing emails. It is often used to send B2C (business-to-consumer) and B2B (business-to-business) emails. Many areas in your organization may use this service, including marketing, sales, and finance. Sendinblue supports DMARC compliance through DKIM and SPF alignment. DKIMTo configure DKIM, you will need to access the domain’s settings. There are two ways to do this:
This guide describes the process for configuring Mailgun to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to the Mailgun administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Mailgun for the most complete and accurate information. General informationMailgun provides an email delivery service that allows developers to integrate email into applications through APIs and SMTP. Many departments may use this service in your organization, but it is often managed by an application development team. Mailgun supports DMARC compliance through SPF and DKIM alignment. SPF & DKIMTo configure SPF and DKIM: In the Mailgun console, navigate to Sending>Overview
This guide describes the process for configuring Mailchimp Transactional to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to the Mailchimp Transactional administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Mailchimp Transactional for the most complete and accurate information. General informationMailchimp Transactional is a paid Mailchimp add-on that allows clients to send one-to-one transactional emails triggered by user actions, such as purchases or account activity. Sales and marketing as well as development teams may use this service in your organization. Mailchimp Transactional supports DMARC compliance through DKIM and SPF alignment. DKIMTo configure DKIM: Navigate to Settings in
Reports generated from our DMARC Management Platform give you insight into what is happening with a particular aspect of your domains. A useful resource to keep decision makers and stakeholders informed and updated relative to DMARC deployment and maintenance, reports help to bridge this gap. For dmarcian’s MSP and MSSP Partners, reports can be utilized to provide information to their client base. Since MSP clients can’t view their domain details on the dmarcian platform, reports are a way MSPs can keep their clients informed of their DMARC project. The following reports can be generated from our platform: Domain Status Reports: contains domain status information including email authentication deployment state and volume statistics. This report is based on the past seven days of data from the time it was generated. Issue Summary Reports: lists outstanding issues related to email authentication deployment. Account Progress Reports: provides an overview of all domains in
A year ago we surveyed DMARC adoption among the 100 global retailers based on revenue. With the 2022 holiday shopping season ramping up, we’re taking a look to see how retailers are progressing with DMARC adoption. Here’s the comparison, measured in percentage increase or decrease, from last year’s DMARC adoption numbers: 30% increase of DMARC policies set to p=reject 80% increase of DMARC policies set to p=quarantine 10% decrease of DMARC policies set to p=none 16% decrease of companies lacking a DMARC policy The trend illustrates a progression of DMARC compliance in the growth of p=quarantine and p=reject policies from 2021. That’s nothing but good news for retailers and their customers. For the retail, hospitality, and travel community, the holiday season is the most intense time of year for consumers and cybersecurity professionals facing persistent threats. From the beginning of October through the end of December, cyber threats to organizations
This guide describes the process for configuring Salesforce to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, eg., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to Salesforce’s administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Salesforce for the most complete and accurate information. General InformationSalesforce is a customer relationship management software that brings together sales, customer service, marketing automation, analytics, and application development. Many departments, such as Sales, Marketing, IT, Support and HR use this tool. Salesforce supports DMARC compliance through SPF and DKIM alignment. SPF To configure SPF, add a DNS TXT record at your domain’s DNS provider: Login to the management console of
One of the outstanding features of DMARC is the feedback you get related to email sent from any source using your domain as the RFC5322 identity (friendly from). However, this is contingent on the receiver’s email security provider having the ability to perform DMARC verification on inbound email as well as sending the result of those checks in the form of an aggregate report. One such solution is Cisco’s Cloud Email Security (CES). When DMARC authentication for inbound email is enabled, the CES appliance can be configured to send DMARC aggregate reports containing the results of those inbound checks. This data is critical for domain owners relative to their DMARC deployment efforts. These reports are helpful, but more helpful yet is to know who is sending these reports. Knowing the source of the reports is beneficial if you need to follow up with them; better yet, you can easily identify
This guide describes the process for configuring Constant Contact to send DMARC-compliant email. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject. To bring this source into DMARC compliance, you will need access to Constant Contact’s administrative account and the domain’s DNS management console. From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Constant Contact for the most complete and accurate information. General informationConstant Contact is an email marketing service provider designed for small businesses. It’s often used by marketing and sales departments. Constant Contact supports DMARC compliance through DKIM alignment for their customers. DKIMConstant Contact provides two options for enabling DKIM: authentication using CNAME records and authentication using a TXT record. Self-authentication using DKIM CNAME records is the simplest and
The dmarcian team categorizes the sources we see our customers use and include resources that assist in configuring sources to send DMARC-compliant email. Sometimes, however, we are unable to find any publicly available documentation on how to achieve DMARC compliance for a particular source—a service that sends email on behalf of another domain. In these cases, the customer must reach out to the source, or vendor, to request assistance. “Not all third-party providers officially support DMARC, and their first response may be negative,” says Ash Morin, dmarcian’s Director of Deployment. “However, the reality is that they may simply not understand the scope of the request. In our experience, a service provider will often find out that they are in fact capable of supporting DMARC once the requirements are explained clearly to them.” If you find yourself in a situation where you need to contact a source but don’t know what