Understanding the What, How, and Why of DMARC
You probably already know this, but it bears repeating: Email by itself is NOT secure; anyone can use someone else’s identity to send emails. In fact, email is the #1 way cyberattackers can target your customers and your email ecosystem. No brand is untouchable when it comes to attackers using or spoofing email domains to send spam, phishing attempts, malware, or ransomware. Successful attacks aren’t just expensive (the average attack costs a company upwards of $5 million, sometimes more); they also hurt your brand reputation and impact customer trust and loyalty. So, what can you do to keep your email secure, ensure only authentic emails reach your contacts’ inboxes, and keep the bad guys out? Follow the lead of companies around the world, such as Apple, JPMorgan Chase, PayPal, and Netflix, and implement DMARC.
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an open email standard created in 2012 by the consortium DMARC.org, of which Agari is a founding member, to protect email. It helps prevent cyberattackers from spoofing email domains by letting companies see who and what is using their domain name to send email and authenticate the legitimate senders. If a mail stream isn’t authenticated, the email won’t get to inboxes, where it could wreak havoc. DMARC is the ONLY way for email senders to tell email receivers that the emails they are sending really are from them and can be trusted.
How Does It Work?
So what does it mean that DMARC authenticates email? How exactly does it work?
To become DMARC compliant and start using it, you need to add a DMARC record into your DNS server. The record, which needs to start with “v=DMARC”, allows you to start collecting feedback from email receivers and unearth any fraudulent emails or email senders using your domain or company name. If you’re not sure how to create a record, you can use our record creator and then follow this in-depth guide to putting it in your DNS record.
After the record is set up, you’ll have to deploy email authentication for SPF and DKIM. Don’t have SPF or DKIM or aren’t sure what they are? We’ve got you covered. You can think of SPF and DKIM as being the first line of defense for your email, with DMARC being the final protection point. They all can work separately but are stronger together.
Once DMARC is in place, you’ll start getting records of who or what is using your email domain and sending emails on your behalf. You may think you know everyone sending emails for you, but third-party usage increases your chance of an attack. And, if you’re a large company, you’re probably using more than one third-party vendor, like Salesforce and Marketo. Are you sure you can remember them all? DMARC gives you that visibility and allows you to identify which companies are legitimate.
Now, when an email is sent, your DMARC policy allows one of three things to happen to that message. If the email passes DMARC authentication, it goes to the inbox. If it fails, it is either sent to junk or deleted before it ever reaches the inbox, depending on how you set up your policy. Make sure the policy is set up and configured properly so that good emails don’t accidentally end up in junk and bad emails don’t slip through the cracks.
It is important to know that while DMARC works to prevent fraud coming from a protected domain, it does not protect against all email threats. It helps with Business Email Compromise (BEC) but only partially addresses BEC and inbound threats, and it cannot protect against bad attachments or links, or against emails that aren’t coming from your domain. To protect your company and data from spoofing and attacks from domains outside of your own, consider using Agari brand protection.
Why Should I Care About DMARC?
If the idea of hackers using your email to send illegitimate emails isn’t enough to convince you to implement DMARC, there are other benefits to consider.
Across the world, 2.5 billion mailboxes are DMARC-enabled; companies like Capital One, ADP, Google, Comcast, AT&T, and more realize the importance of securing and validating email. These brands not only have increased brand protection, but they also see an increase in email deliverability and report a 10% rise in the response rate to email campaigns, as there are no questions about whether the emails are real or not. There’s also a decrease in customer service calls; customers can’t call you asking about a suspicious message if they never got it, thanks to DMARC filtering.
According to our internal research, companies using DMARC experience financial benefits as well, including
The benefits clearly speak for themselves. Why risk your brand equity, customer trust, engagement, and millions of dollars not protecting your email domain and your company as a whole when there is a simple, easy-to-use, and easy-to-implement solution?
Let’s get you started with DMARC. Contact Us.