How to Explain DMARC to Your Boss

Written by
Edward Ma

March 7, 2024

ICYMI and live on a remote island free of email chatter: Two giants of email, Google and Yahoo, announced that every bulk email sender needs to have a clear DMARC policy in place, pronto, among a few other requirements. Having a policy went from being a you-really-should best practice to being a requirement. So there’s never been a better time to implement a policy that will reinforce trust in your brand.

In simple terms, DMARC is like a digital checkpoint for your emails that confirms they are from the correct organization and not someone pretending to be you. 

A Few of Our Favorite Acronyms 

  • Sender Policy Framework (SPF) is an authentication process that includes the IP address that you are authorized to send from. 
  • Domain Keys Identified Mail (DKIM) identifies your domain with a specific and approved cryptographic signature, which ensures mail traffic is legit.  
  • Domain-Based Message Authentication Reporting & Conformance (DMARC) is the authentication protocol that checks both SPF and DKIM. You can designate rules on what to do if mail fails these authentication steps. 
    • REJECT is the policy that bounces or discards any emails that fail DMARC. 
    • QUARANTINE is the policy that doesn’t completely reject the email but recommends the message be moved to the spam folder.  
    • NONE is a policy that gives a report on the results, but doesn’t take any actions if the authentication steps fail.

How It Works

As an email is being sent, there are multiple steps of authentication that it needs to go through before it hits any inbox. When the Email Server gets the signal that an email is being sent, it pings the SPF, DKIM, and DMARC records.

If SPF and DKIM pass, then it passes DMARC.
If SPF fails but DKIM passes with alignment, DMARC still passes.
If SPF passes with alignment but DKIM fails, DMARC still passes.

A Little Analogy To Help with Lift Off

DMARC procedures can be compared to navigating through airport security.

  • SPF might be your ID that you flash at check in. 
  • DKIM is like your ticket to ensure that you are actually getting on the right flight.
  • DMARC is your airport security person, looking at both your ID and ticket to let you through to the gates.

Now, let’s imagine three types of airport security policies:

  1. None Policy: This is like an airport with no security checks. Anyone can enter, representing emails sent with no strict security measures. 
  2. Quarantine Policy: Similar to an airport with some security measures, unclear identifications are checked before proceeding. It offers a second check before reaching the destination.
  3. Reject Policy: This is a strict airport with rigorous security checks. If an identification is suspicious, the person isn’t allowed through.

What’s Next?

Prioritizing DMARC and setting a clear policy isn’t just about securing your emails. It’s about fortifying your brand and becoming more trustworthy to your subscribers. And we wouldn’t be surprised if it was normalized for every domain and IP in 2024.

If you have any questions about email deliverability or interested in a trial to understand how your DMARC policy is looking, feel free to reach out at sales@inboxmonster.com.

Related Articles

Check Out Apple’s AI Previews Before You Send

Check Out Apple’s AI Previews Before You Send

Apple released Apple Intelligence (Apple AI) with the release of the iPhone 16 this past October. Apple Mail (the default mail client on the iPhone) leverages Apple AI and has started replacing preview text of emails within the Locked Screen, List Screen and Message...

Live Previews: A Revolution for Interactive Email Testing

Live Previews: A Revolution for Interactive Email Testing

Inbox Monster announces today a new way to test interactive content and animation in email: Live Previews.  Testing the support for interactive elements has long been a challenge that holds email makers back. It’s impractical to send test emails to all types of...

The Sending Scaries: Real Stories From The Email Geek Community

The Sending Scaries: Real Stories From The Email Geek Community

It’s spooky season, and if there’s anything scarier than mysterious creatures lurking in the dark, it’s sending a holiday campaign and realizing something has gone horribly wrong. You’ve been there: deadlines breathing down your neck, endless rounds of testing, and...