DMARC is making big waves in the anti-phishing ocean, supported by major mailbox providers like Google, Microsoft and Yahoo, and brands including Amazon, PayPal, LinkedIn and Bank of America. More than 156 million phishing emails are sent to recipients around the world every day, so it’s gratifying to see efforts are being made to stop scammers, assist legitimate traffic and improve email safety. But what exactly is DMARC and how can you deploy it? As always, we’re here to help.
Keeping your domain safe
DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, is a proposed standard that helps email users ensure that the messages they receive are from a recognised source — not a dodgy domain run by phishing scammers.
By allowing email senders and receivers to mutually share information about the email they send to each other, DMARC also gives owners of an internet domain a way to request that spoofed, illegitimate messages go straight to spam folders, or better yet, get rejected outright.
It’s important to note that DMARC won’t help if your actual email account has been compromised as it only authenticates which server the mail comes from — so it’s still essential to use robust passwords and practice good account security.
Why should I support DMARC?
DMARC has been deployed extensively amongst the big corporates, but there’s a real opportunity for more SMEs to get on board. It’s especially worth considering if you rely on email communication to get in touch with your clients and prospective customers, particularly so if you offer financial services. In fact, a Cloudmark survey found that consumers are 42% less likely to do business with a brand from whom they receive spoofed phishing messages.
But it won’t just ensure that your brand is recognised as trustworthy and secure; mailbox providers are beginning to preference DMARC-authenticated traffic so you’ll be winning on deliverability as well.
How do I get started?
If you’re thinking about deploying DMARC yourself, there are a few housekeeping issues to take care of first.
Firstly, you’ll need to ensure you’re already using DKIM and SPF — these email validation systems are necessary for it to function. Secondly, you’ll require a list of the authorised email domains that your company uses, including external domains that send mail on your behalf such as marketing companies, so that you can effectively manage where your mail should be coming from.
You’ll also have to submit a change to your DNS record, and determine which email address you’ll use to receive your DMARC reports.
Further information and help
https://dmarc.org/ has a tremendous array of resources and FAQs, but if you want it set up quickly, or don’t have the resources do manage it yourself, Stellarise can help.
We already operate under the DMARC standard and have helped a number of our clients to quickly and smoothly adopt it. Talk to us today to secure the credibility of your company’s communications and improve your email safety.