15 November 2017 - Sharon Beilis

We’ve all seen this TV trope a thousand times: the main character slips past a sleeping security guard into an important, seemingly-protected area. Spammers and malicious email senders work the same way--they take advantage of email gatekeepers that are not doing enough.

 Find out why older authentication protocols like SPF and DKIM are no longer able to keep out spam and fraudulent emails and how DMARC gets your emails delivered more often.

Why Email Authentication Protocols Matter

A decade ago, Paypal had a PR nightmare with fraudulent emails sent on their behalf. Once a fraudulent email reaches an inbox, the sending domain’s name is sullied. Email authentication protocols SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) failed to protect Paypal’s recipients from getting the fake Paypal emails.

 

In 2007 Paypal worked with Yahoo! Mail and then with Gmail to adopt DMARC (Domain-based Message Authentication Reporting and Conformance), an email authentication protocol that builds upon the framework SPF and DKIM established for email sender verification.

 

To create these higher-level email authentication protocols both the sender (organization, email marketer) and the receiver (Gmail, Yahoo!, Outlook) communicate with each other for better email verification. This in turn creates better email deliverability because fewer good email bounce back and recipients know that what they are receiving from the domain can be trusted.

 

In other words, email authentication keeps the spam and fraudulent emails out, and helps the entire email exchange system work more smoothly.

SPF and DKIM and Identifier Alignment

The only two email authentication protocols employed pre-Paypal fraud days were SPF and DKIM.

 

 

Once a brand has IP address verification, the emails are allowed to pass through. SPF authentication protocols make sure that the RFC5321.MailFrom “(envelope sender”) and the RFC5322.From (“friendly sender”, i.e. what shows in the recipient’s from field) match. If they do not align, the email does not go through.

 

 

DKIM authentication protocols verify that the “friendly sender” and the domain in the email signature (d=) are the same.

 

SPF and DKIM rely on alignment of the identifiers given. These protocols are still necessary today, but not sufficient alone as both protection (for sender and recipient) and deliverability aids.

How DMARC Works

SPF and DKIM are the fence and gate that keep out obvious intruders. DMARC is the lock and the team of security experts that make sure the fence and gate work well to keep out unwanted emails.

 

DMARC’s overview of the authentication protocol breaks the process down like this:

 

  • Deploy DKIM and SPF

 

If it hasn’t become clear yet, DKIM and SPF are the bare minimum email marketers must use to protect their brand and recipients through DKIM and SPF authentication protocols.

 

  • Make sure your mailers have DKIM and SPF authentication alignment

 

If your identifiers do not match, the email will not go through to the intended email recipient.

 

  • Publish a DMARC record with the “none” flag set for the policies, which requests data reports

 

This is where DMARC raises the level of authentication from its predecessors SPF and DKIM.

 

  • Analyze the data and modify your mail streams as appropriate

 

DMARC gives you insight into why your SPF and DKIM identifiers are not aligned and how to fix it for better deliverability.

 

  • Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience

 

Since you can adjust and correct course in your email marketing with DMARC’s feedback, you are able to get better results and gain your recipients’ trust as a brand.

 

How DMARC Increases Deliverability

Using DMARC has three main benefits for your email marketing ROI:

 

  • It protect your sending domain
  • It protects your subscribers
  • It improves inbox placement

 

The fewer emails that go into the junk folder, the better for your IP reputation and deliverability rates. Once you build a brand, you want to ensure your recipients continue to trust the sender and augment open rates.

Start Your Free Trial