5 Points Email Marketers Need to Understand About DMARC, Authentication and Phishing
It's tempting to point out that email authentication can be boring to marketers. And that many believe it's not in their job descriptions—despite all the efforts to bust down silos between departments. But all of that's obvious. Here's what many marketers may not realize about email authentication:
Proper email authentication not only makes sure marketers' messages get through, but that the fakes don't; thereby likely increasing revenue, says Sam Masiello, general manager and chief security officer at New York-based email performance management company Return Path. That's because spam and brand spoofs can really cut down on recipients' trust. "The more phished messages make it to the inbox, the more likely that brand's real emails will draw complaints, contributing to a decrease in email effectiveness rates and potentially lost revenue and customers."
To solve that problem, Return Path worked with 14 other email service and technology providers to create a mechanism that will allow authenticated email from marketers into the inbox and block out all the potential rulebreakers. Wigs and mustaches won't work anymore, Domain-based Message Authentication, Reporting and Conformance (DMARC) will be wise to all the spammers and phishers disguised as spoofed brands, according to the Jan. 30 announcement by DMARC.org, a technical working group dedicated to "developing standards for reducing the threat of deceptive emails, such as spam and phishing."
Masiello boils down what marketers can say once they implement DMARC: "Hey ISPs, my email is all set. Block anything that doesn't pass SPF and DKIM." (SPF stands for "sender policy framework" and DKIM is short for "domain keys identified mail.")
Providing more elaboration on the marketing benefits of DMARC are Masiello and:
- Adam Dawes, product manager at Mountain View, Calif.-based Google; and
- Murray S. Kucherawy, president and CEO of The Trusted Domain Project, a non-profit dedicated to "supporting research and development of open software and open standards."
1. Even if marketers don't want to implement email authentication themselves, they should at least make sure someone in the organization is doing it.
According to DMARC.org, which says it's got a solution to this situation: "Senders remain largely unaware of problems with their authentication practices because there's no scalable way for them to indicate they want feedback and where it should be sent."