How do I set up DMARC?

Authentication mechanisms in email marketing are important. Such mechanisms allow you to validate your sender address. It is the best guarantee for your recipients that you are indeed authorized by your organization to send mailings. We all know those messages that seem to come from your bank, but aren't. Authentication is therefore important to show that your mailings are not phishing emails. It is an active way to 'defend' your reputation.

What is DMARC?

DMARC is such an authentication mechanism. DMARC stands for Domain-based Message Authentication, Reporting & Conformance. The sender address and the sending server (the platform from which the email is sent) get validated by DMARC. It is the most comprehensive mechanism out there and is an additional guarantee, of which SPF and DKIM are also a part.

You could also only use the SPF mechanism. Read more about it in the article: SPF. However, DMARC is the best guarantee against phishing. Users of DMARC include banks, among others.

DMARC structure

DMARC consists of SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail).

SPF
How can the recipient know that the mail you are sending is indeed from your organization? When you are sending an email from Outlook to a business partner, they are aware of who you are. But say you have created a thoughtful mailing in Spotler, and you send it to multiple recipients. How does each individual recipient know that this email is indeed from your organization and isn't a phishing email? This, you can arrange through SPF.

SPF stands for Sender Policy Framework. This mechanism ensures that a mailing which is sent on behalf of an organization (for example Spotler) is authorized by the owner or administrator of the sender address (your organization).

This means that you, as Spotler user, have to designate us as a legitimate organization for sending your mailings, by using SPF.

DKIM
DKIM ensures that a digital signature and a key are added to your mailings, in addition to the SPF. Your organization thereby 'acknowledges' that the email was actually sent in the name of your organization.

What are the results of using DMARC?

DMARC reduces the SPAM score of your mailings, as email servers increasingly expect emails to be properly secured these days. As such, this increases the chances of your mailing getting delivered.

If mailings with your domain name are sent without SPF and DKIM, DMARC will report this back to you. This way, you can see who is emailing using your name and get insight into who is–possibly–misusing your domain name. In addition, the receiving email server will determine what should be done with this email. Depending on how DMARC is set up, the email will be:

  • rejected by the receiving email server,
  • quarantined,
  • or delivered.

In order to publish DMARC, you must complete 2 steps:

  1. Request DMARC authorization
  2. Send instructions to your domain administrator

1. Request DMARC authorization

First, you must request DMARC authentication in your Spotler account. Go to Settings and then to the tab Security. You will automatically be referred to the header Deliverability. Here, you will see an overview of your reply addresses, or you could add a reply address here.

Overzicht_DMARC.png

Below that, you will see an overview of reply domains. If your reply address is active, the domain of your reply address is automatically added here. This is where you can request DMARC authentication. Move your cursor across the domain or right-click to open the drop-down menu. Click on Request DMARC authentication.

Request_DMARC.png

A pop-up will appear:

Pop-up.png

Specify the format in which the DKIM key must be used. We recommend 2048-bit, because the higher the number of bits, the better the DKIM is protected. However, please contact your domain administrator to find out whether 2048 is supported. Next, click on OK.

The status of the reply domain has now been changed to DMARC authentication requested.

DMARC_requested.png

You will receive an email with further instructions.

Instruction_mailing.png

2. Send instructions to your domain administrator

Requesting DMARC authentication requires implementing a number of settings on your own server. Therefore, make sure to forward the instruction email to your domain administrator, to have them set up the DMARC policy for your domain.

Please note! If the DMARC policy has already been set up for your domain, you can only send emails with Spotler if Spotler is authorized to do so (and if this is set up correctly in Spotler). Arrange this before you send out the first mailing.