Email Security

Improve Email Delivery & Protect Your Reputation with DMARC Monitoring

DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows you to eliminate unwanted fraudulent traffic, delivering only authenticated messages to your recipient. As a result, legitimate emails are passed through, and fraudulent emails, or emails that appear to come from your domain but actually came from an unscrupulous individual, are blocked.

Implementing DMARC and other anti-phishing protocols greatly reduce the chance of human error, protect your brand, and stop hackers from sending emails from your domain. This is crucial for email security and marketing. By tracking and leveling up your email authentication standards, you’ll improve your email deliverability and reputation.

How Does it Work?

Email Security is implemented by adding and monitoring four different types of DNS records on your domain.

1. SPF – SPF records specify who is allowed to send as the domain.
2. DKIM – DKIM records are validation keys, similar to a password.
3. BIMI – Brand Indicator Message Identification (BIMI) records are an industry-wide effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. They’re used to display your company logo inside an email inbox if the email is legitimate.
4. DMARC – DMARC records set the rules and send email reports. You can monitor, quarantine, or reject emails that don’t pass the SPF and DKIM authentication. In the beginning, DMARC records are set to monitor only. The protocol is to monitor first to ensure that you’ve identified and included all sources allowed to send as your domain. If you move too quickly, you may end up interfering with legitimate email being delivered.

• Once you are sure you have rules for all authorized sending sources, you then update the rule to “quarantine” at a small percentage (10%) and slowly move up to 100%.
• You then update to “reject” and move from 10% to 100%.
• This is a slow process and takes several months to get to completion.

Once these DNS records are in place, we use a 3rd party service to monitor the Aggregate Reports (RUA) and Failure Reports (RUF).

If at any time in the future, you start using another 3rd party service to send email (for example, a newsletter service), you would need to update these DNS records.