Have you ever received an email claiming to be from your bank? Or a notice about a failed delivery attempt for your parcel? And on closer inspection, it turned out that the email actually came from fraudsters?
This is exactly where DMARC comes in. The DMARC guideline (Domain-based Message Authentication, Reporting and Conformance) is a security standard developed to make emails more secure and prevent them from being misused by cyber criminals.
But what exactly does it entail, and what should companies, as customers of email service providers, know about DMARC? We provide an overview and specific recommendations for action.
DMARC stands for 'Domain-based Message Authentication, Reporting, and Conformance'. It is a security standard that was developed to protect emails from cyber-attacks and misuse. It was initiated by Google, Yahoo, Microsoft and other major companies.
The implementation of DMARC aims to protect against email spoofing. Spoofing means that criminals send fake emails that look as if they come from a trustworthy source.
With DMARC, companies can ensure that their emails are authentic and are not being misused. This increases the security of email transmission.
In addition, since February 2024, companies or sender domains that send more than 5,000 emails a day to Yahoo! and Google addresses must comply with a DMARC obligation. In other words, from this date onwards, affected companies should ensure that the correct settings are in place. Otherwise, emails could be blocked or categorised as spam.
DMARC works via DNS entries (Domain Name System) and is directly linked to the domain from which emails are sent.
A DNS entry tells our computer which IP address belongs to a domain. It can also define rules for emails. DMARC uses this function: it is stored as a special TXT entry ('TeXT') in the DNS of a domain. This entry tells the receiving email servers:
Without this DNS record, there is no DMARC policy and email servers would not know how to deal with suspicious emails.
In short, DMARC is a rule that is stored in the DNS records of a domain so that email servers know how to handle emails from this domain.
In detail, DMARC is based on two established security protocols:
DMARC combines these two technologies and provides an additional check: it checks whether the sender address (in the 'from' field) matches the actual domain of the sender.
If an email does not pass this check, the DMARC entry recommends to the receiving mail server how it should deal with emails that violate SPF and DKIM. This entry is defined by the owner of an email domain. There are three options:
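The check and the policy decision described above can be sketched as follows. This is an added example, not code from the original page or from any mail server; it is simplified to relaxed alignment, ignores optional tags such as `sp` and `pct`, and all domains and results are constructed sample data.

```python
# Added example: simplified DMARC evaluation (relaxed alignment only).
RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"  # constructed

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if it is not valid DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    """Naive organisational domain: the last two labels. This is an
    assumption for the demo; real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    """Relaxed alignment: both names share one organisational domain."""
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(from_domain, spf, dkim, record):
    """spf and dkim are (result, authenticated_domain) tuples.
    Returns 'pass', 'no-policy', or the disposition the owner requested."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain)
    # DMARC passes if at least one mechanism passes AND is aligned.
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

if __name__ == "__main__":
    # Provider authenticates only its own domain: SPF and DKIM both
    # "pass", yet neither matches the From domain, so DMARC fails.
    print(evaluate("example.com", ("pass", "bounces.provider.example.net"),
                   ("pass", "provider.example.net"), RECORD))
    # Same mail, now DKIM-signed with the customer's own domain.
    print(evaluate("example.com", ("pass", "bounces.provider.example.net"),
                   ("pass", "mail.example.com"), RECORD))
```

The first case is the situation an unconfigured external sender produces: authentication succeeds for the provider's domain, but nothing aligns with the address in the 'from' field.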
Implementing a DMARC policy enables organisations to protect themselves against email fraud and identity theft.
The 4 key benefits are:
DMARC helps organisations protect communication, increase trust and improve email deliverability. DMARC is therefore not only an important building block for your cybersecurity, but also for your image.
DMARC affects not only companies in the broadest sense, but everyone who sends and receives emails. While private users benefit from the security measures of major providers, companies with their own domain must take action.
Many companies use external email service providers such as news aktuell to send press releases or newsletters. The PR software zimpel, for example, sends emails in the name of your company domain to contacts from your individual mailing list.
The benefits of zimpel at a glance:
zimpel: The media directory for your press mailing lists
With zimpel you can create customised press mailing lists in no time and reach over 612,000 media professionals, blogs, podcasts and influencers worldwide. Our PR tool offers GDPR-compliant data records that are constantly updated and makes your contact research much easier. Use the intuitive mailing tool for time-saving communication.
However, without the correct DNS settings for your company domain, emails that you send via an external service provider may be blocked by DMARC. But don't worry: your network administrator can easily make all the necessary settings. Below we explain what you need to bear in mind when an external service provider such as news aktuell sends emails on behalf of your company.
To ensure emails continue to be delivered via an external service provider, technical settings need adjusting. By adjusting the DNS entries, emails won't end up in spam or be blocked by DMARC and will continue to reach the intended contacts.
Here are the 5 most important steps your company should consider:
Step 1: Edit the SPF record
The SPF record tells the receiving mail server that an external server is authorised to send from your domain. If you are already using an SPF record, add the service provider's predefined entry as an authorised sender to it. Alternatively, create a new SPF entry that contains the corresponding TXT entry from the service provider.
Step 2: Set up the DKIM key
DKIM allows recipients to check whether an email really comes from you and whether the content has been changed. Your service provider will provide you with your own DKIM key, which you must store in your DNS settings to activate DKIM.
Step 3: Create and test the DMARC policy
The corresponding DMARC record instructs the receiving mail server on how to handle emails that violate the SPF and DKIM security protocols. You should therefore first create and test such a policy. This will ensure that all legitimate emails are delivered correctly. It is recommended that you start with a 'none' policy to see what happens.
Step 4: Verify the MX record
Emails cannot be sent or received under a domain without an MX record (‘Mail Exchanger Record’). This special DNS entry determines which mail servers are authorised to receive emails for a specific domain. Therefore, to verify an email address, you also need an MX record.
This is particularly important where email addresses are used that are only intended for sending. In this case, the MX record tells the receiving mail server which server or mail address on the recipient side is authorised to receive emails.
The MX record is usually already set up for email addresses that regularly participate in email traffic, i.e. those that also receive emails directly.
Step 5: Regularly analyse reports
Another advantage of DMARC is that you receive regular reports on failed attempts. Use these reports to identify issues and learn from them.
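The steps above can be checked before any mail is sent. The following is an added example, not code from the original page or from a service provider: an offline audit over constructed zone data, in which the include host `spf.provider.example` and the DKIM selector `sel1` are hypothetical stand-ins for the values a provider supplies.

```python
# Added example. Zone contents are constructed sample data.
def tags(txt):
    """Parse the 'k=v; k=v' TXT syntax used by DKIM and DMARC records."""
    return dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)

def audit(zone, domain, provider_include, selector):
    """Return a list of findings; an empty list means steps 1-4 look sane."""
    findings = []
    txt = zone.get((domain, "TXT"), [])
    spf = [t for t in txt if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # RFC 7208: more than one SPF record is a permanent error.
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    elif f"include:{provider_include}" not in spf[0].split():
        findings.append("SPF: provider include missing")
    dkim = zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])
    if not (dkim and tags(dkim[0]).get("p")):
        findings.append("DKIM: no public key for selector")
    dmarc = zone.get((f"_dmarc.{domain}", "TXT"), [])
    policy = tags(dmarc[0]) if len(dmarc) == 1 else {}
    valid = ("none", "quarantine", "reject")
    if policy.get("v") != "DMARC1" or policy.get("p") not in valid:
        findings.append("DMARC: missing or invalid policy record")
    elif "rua" not in policy:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    if not zone.get((domain, "MX")):
        findings.append("MX: no record for sender domain")
    return findings

# Mistake: a second SPF record was added instead of extending the first,
# and the DMARC record names no report address.
BROKEN = {
    ("example.com", "TXT"): ["v=spf1 mx ~all",
                             "v=spf1 include:spf.provider.example ~all"],
    ("sel1._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=none"],
    ("example.com", "MX"): ["10 mx.example.com."],
}
FIXED = dict(BROKEN)
FIXED[("example.com", "TXT")] = ["v=spf1 mx include:spf.provider.example ~all"]
FIXED[("_dmarc.example.com", "TXT")] = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for name, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(zone, "example.com", "spf.provider.example", "sel1"))
```

The broken zone shows why the provider's entry belongs inside an existing SPF record: publishing a second `v=spf1` record invalidates both.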
Implementing DMARC requires some technical expertise, but don't worry: you won't have to do it alone. We will soon be providing our zimpel users with an automatic check and a step-by-step guide to help them easily optimise their sender address.
This will ensure that our zimpel customers continue to fulfil all technical requirements for reliably sending their messages securely to their target groups. This means they won't need to worry about their emails ending up in the spam folder or not being delivered at all. We work closely with our customers to ensure that their emails are sent securely and reliably, while continuously working to comply with the latest security standards.
Our team will also be happy to answer any questions you may have. We offer this service free of charge.
DMARC is an important tool that strengthens the trust of your customers and makes emails more secure. Even if the set-up seems complex and requires technical support, it is worth the effort to protect yourself against fraud.
Do you already use zimpel and need assistance with the implementation in your company? Ask our zimpel team about DMARC - we are happy to help you ensure that your emails remain secure and trustworthy.