What You Need to Know About DMARC and Deliverability December 6th, 2016 Chris Truitt Chris Truitt Chris Truitt Read More About Chris Chris Truitt In recent months, there has been a lot of chatter about the significance of DMARC and how it can impact inbox delivery. Let’s take a look at how it works, what to consider before setting up a DMARC record and how to do it properly. DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol and anti-spoofing technology that works alongside other email authentication protocols, such as SPF (Sender Policy Framework), to help protect email recipients from receiving spam and phishing attacks in their inbox. DMARC’s rise can largely be attributed to Gmail, which initially announced its adoption of a DMARC policy over a year ago. Gmail has also announced plans to implement an even more rigorous policy that will reject mail instead of sending it to the spam folder. So far, this has had little impact on Bronto senders because most use their own private domains and company addresses in the “from” field. How DMARC Works DMARC records essentially tell email receivers how to treat messages that come from your domain. They must be added into the DNS record of your private domain. The P tag, or policy tag, can be configured to one of three options: None – Used to collect feedback without impacting existing flows or delivery. Quarantine – Forwards mail that is not properly authenticated with DMARC into the spam folder. Reject – Tells the receiving server to reject the mail outright and cause the messages to bounce. v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org The example above is a DMARC record for Google.com. Note that the policy tag is set to reject. This means that emails sent from a Google or Gmail address in the “from” field that are not sent from Google’s infrastructure will be rejected outright and will result in a bounce. Note: DMARC references the SPF record. If you choose to implement a DMARC record on the DNS record of your domain, it is important to ensure that the SPF record points to Bronto as an allowed facilitator of your mail. Is DMARC Required to Get My Emails Into the Inbox? DMARC implementation is not required to deliver email messages. Most senders have not implemented DMARC, and they have no problems at all with inbox placement. Google’s announcement of its intention to change its own DMARC policy prompted some into swift action but at this time, you do not need DMARC to reach the inbox. In terms of email authentication, DKIM and SPF are required and adhered to by Bronto. What to Consider Before Setting Up a DMARC Record If you choose to use DMARC, be sure you understand the ramifications. Setting up the DMARC record essentially tells your email receivers how to treat mail coming from a source that claims to be from your domain. It’s a great mechanism to help prevent spoofs and phishing attacks, but if it is not implemented correctly, you may end up with a lot of mail that bounces or goes into the spam folder. Senders often fail to set up the DMARC record properly. The DMARC record points to the SPF record. If the SPF has no reference to your email service provider or any subdomains or IPs connected with Bronto, the receiving mail server will quarantine or reject mail based on parameters set within the DMARC record. When the SPF record is not set up properly, the receiving mail server will not reconcile the sending domain or recognize the email facilitator as legitimate. In this situation, the sender’s own record may cause their mail to go into the spam folder or bounce. Before you attempt to implement a DMARC policy, you must first ensure that your SPF record is properly configured. If you have a subdomain set up with Bronto, we’ve got the SPF piece covered for you. If you are sending from a Bronto subdomain and you intend to add DMARC to your own private domain, you will need to be sure that the SPF record identifies Bronto as the sender or facilitator of your mail to avoid bounces or spam folder placement once your DMARC record is implemented. A DMARC policy can be an effective way to allow both senders and receivers to improve and monitor protection of their domains from fraudulent emails. If you choose to set up a DMARC record, be sure to follow the best practices in this article. If you need assistance, contact Bronto Technical Support.