How DMARC Authentication Protects You From Email Fraud

28 June 2017 - Sharon Beilis

If you have been sending (or frankly - receiving) email for a while, you likely remember that 10+ years ago, there was a lot of fraudulent action surrounding Paypal emails. Phishing, spoofing, spamming, social engineering - a lot of it seemed to be coming from the popular payment service.

Paypal fraud seems to have disappeared (or at least, significantly lessened). Magic? Nope. This revolution is thanks to the company pioneering an approach to communicate with receiving ISPs. Paypal started about ten years and with Yahoo Mail and later worked with Gmail and established a way to disclose authentic emails with the DMARC system - which is now available to all email marketers.

As a professional email marketer, you have a right and a responsibility to maintain healthy email practices, never make common emailing mistakes, and disclose yourself to your recipients as an honest and authentic emailer with DMARC authentication.

Why you need DMARC authentication

Getting into a subscriber’s inbox is becoming more challenging as more fraudsters derive more sophisticated schemes to mask themselves as legitimate senders. In fact, in 2016, spam grew by 400% according to an IBM report, so ISPs invest resources in quickly developing rules and protocols to bar spam from reaching inboxes. Often legitimate senders like you are the proverbial collateral damage. Your messages get flagged as a false positive through no fault of your own.

Luckily, there is a way to protect yourself and your sending domain, shield your subscribers from cyber fraudsters, increase trust, and improve your inbox placement: DMARC authentication. 

Read more about improving email deliverability on our blog

How does DMARC authentication work?

According to Digital Marketing Magazine, “Domain-based Message Authentication Reporting and Conformance is an email authentication protocol which informs recipients that the emails you are sending them are legitimate, and authorised.”

The DMARC email standard works like this:

  1. A sender sends an email message
  2. The receiving email service checks the DNS record for a DMARC policy
  3. The receiver checks the message using both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail)
  4. The receiver send a DMARC report back to the sending email service
  5. Messages that clear the DMARC authentication are inboxed; those that do not are marked as spam

This graphic representation by is a nice overview:

dmarc authentication protects you from email fraud.png

If you are not yet implementing DKIM and SPF - which are the underlying pillars of DMARC – then you’re already behind the curve. You are probably already suffering a negative impact on your email marketing performance, as your emails will land more often in the Spam/Junk folder as a result.

Start Your Free Trial

Educate yourself about DMARC authentication

While it is early in the world of DMARC authentication, take time now to educate yourself and become one of the early adopters. In the UK, DMARC is being required by government organizations more and more SMTP Relay providers and ISPs are expanding their DMARC features. Our prediction is that very soon, it will separate professional email marketers from their “dabbling” counterparts.

Recent Posts