Skip to Main Content

Do Email Senders Really Need DMARC?

With the e-commerce holiday season fast approaching it is time for marketers to consider the technical infrastructure, and specifically the deliverability practices, of the system they use to communicate with users through email messaging. 

Website Magazine readers should be familiar with other forms of email validation including SPF and DKIM but many senders are beginning to adopt another layer as doing so carries with it the potential for great benefit. 

Domain-based Message Authentication, Reporting and Conformance (DMARC), for example, is an email-validation system designed to detect and prevent email spoofing (intended to counter the illegitimate use of the exact domain name in the From: field of email message headers). It is focused primarily on techniques that are often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations.

DMARC is built on top of two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email from that domain and how the receiver should deal with failures. Additionally, it provides a reporting mechanism of actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From: header field, which is often visible to end users, should be considered legitimate.

Deliverability is top of mind, but are senders doing enough? Does DMARC provide another needed level of protection?

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up


Leave a comment
    Load more comments
    New code