Yahoogle to the rescue!

In a momentous announcement in October 2023, Yahoo! and Google shook the email marketing world to its core.

They were bringing down the hammer and becoming much stricter with their requirements to deliver email to their users.

We delivery and deliverability folk sighed a sigh of relief! These major mailbox providers were finally adopting “best practice” as a required practice!

The “bare minimum” goalpost has finally been moved to a much more appropriate level!

Required DMARC

Among several requirements, one of the key ones, and the one that has caused the most confusion and fear, is the requirement for DMARC on the “From Domain.” This is the domain that appears in the from address: yourname@yourdomain.com.

Both Google and Yahoo! said that they require at least:

v=DMARC1; p=none;

Why DMARC?

DMARC, in simple terms, is a security protocol that helps ensure that emails sent from your domain are legitimate and not malicious.

The Problem

There is a problem, though, with the minimum requirement of “v=DMARC1; p=none;” …

Imagine you have just built a new house.

It is a gorgeous house, and you and your family look forward to living there.

There is just one problem: The house, even though it has a door frame, does not have a door.

Not only is there no door, but there are also no security measures in place. This means that your house is not just open, but it’s also unguarded, allowing anyone to enter and exit at their leisure.

THIS is the problem with only having: “v=DMARC1; p=none;” on your domain.

Monitoring

How do you actually monitor who is entering your gorgeous new home?

It’s simple: Add a security camera, or, in DMARC terms, an RUA address, to your DMARC record!

To be fair, your house will still be open to the world, but at least you will be able to see who is abusing it!

What is RUA?

RUA stands for: “Reporting URI(s) for aggregate data”

In most cases, this is an email address that aggregate reports are sent to.

Your record would look something like this:

v=DMARC1; p=none; rua=mailto:1uv1ayk1i2@rua.app.dmarcworx.com;
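A small checker for records like the ones above, added here as an illustration and not taken from the original article or any vendor tool. It flags the "no door, no camera" gaps; the function names and finding texts are made up for this example, and the pct tag (from RFC 7489) is not discussed on this page.

```python
def parse_dmarc(record):
    """Split a DMARC TXT record into lower-cased tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def assess(record):
    """Return a list of findings; an empty list means nothing to flag."""
    tags = parse_dmarc(record)
    # v=DMARC1 has to be the first tag, otherwise receivers ignore the record.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["invalid: record must start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("invalid: p must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none: mail failing DMARC is still delivered")
    # rua may hold several comma-separated report addresses.
    uris = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not uris:
        findings.append("no rua: no aggregate reports, so abuse goes unseen")
    findings += [f"rua is not a mailto: URI: {u}" for u in uris
                 if not u.lower().startswith("mailto:")]
    # A pct below 100 applies the policy to only a share of failing mail.
    if policy in ("quarantine", "reject") and tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of failing mail")
    return findings
```

Calling assess("v=DMARC1; p=none;") returns both the p=none finding and the missing-rua finding, while a p=reject record with a mailto: rua returns an empty list.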

Too many emails with illegible attachments!

If you’re like most people who take the next logical step of adding an RUA address to your DMARC record, you set it to send to yourself@yourdomain.com.

If you’re a frequent email sender, particularly from an Email Service Provider (ESP), you’ll soon realize that you’re inundated with emails containing attachments to the RUA address.

These attachments are usually in “zip” format. When you unzip the attachment, you are left with an XML file. These XML aggregate report files were never meant to be read by mere mortals like you and me!
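What one of those XML files boils down to, as an added example (not from the original article or any monitoring product): it unzips a report, totals DMARC pass and fail counts per sending IP, and lists the sources whose mail would be rejected under p=reject. The sample report is constructed; element names follow the aggregate report schema in RFC 7489, and the code assumes a zip holding one XML file without XML namespaces.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (documentation IPs, example.com); not real data.
SAMPLE_XML = b"""<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>14</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
</feedback>"""
MAX_XML_BYTES = 5_000_000  # assumed cap; reports are sent by outside parties


def read_report(attachment: bytes) -> bytes:
    """Return the XML from a zipped report attachment, refusing oversized files."""
    with zipfile.ZipFile(io.BytesIO(attachment)) as zf:
        info = zf.infolist()[0]
        if info.file_size > MAX_XML_BYTES:
            raise ValueError("report too large")
        return zf.read(info)


def summarize(xml_bytes: bytes) -> dict:
    """Per source IP: message counts passing and failing DMARC."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in a report")
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for row in ET.fromstring(xml_bytes).iter("row"):
        count = int(row.findtext("count", "0"))
        # DMARC passes when the aligned DKIM or the aligned SPF result passes.
        ok = "pass" in (row.findtext("policy_evaluated/dkim"),
                        row.findtext("policy_evaluated/spf"))
        totals[row.findtext("source_ip")]["pass" if ok else "fail"] += count
    return dict(totals)


def blocked_under_reject(summary: dict) -> dict:
    """Sources with DMARC failures: this mail is rejected once p=reject is set."""
    return {ip: s["fail"] for ip, s in summary.items() if s["fail"]}
```

Any address in the blocked_under_reject result that belongs to one of your own mail streams needs its SPF or DKIM alignment fixed before the policy is tightened.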

Monitoring Service

All those RUA emails filling up your inbox are exactly why there are many DMARC monitoring services out there.

Take a moment to search for DMARC monitoring services on Google.

These services have become incredibly good over the last few years but are still pretty technical. If you don’t live and breathe email authentication, you may become overwhelmed by the sheer amount of information these tools provide.

Managed DMARC Service

Let InboxJam take over and manage your complete DMARC monitoring & infrastructure.

InboxJam offers a fully managed DMARC service that handles all the complexities of email security so you can focus on what you do best—running your business.

Manage This All For Me!

The Goal

The goal of DMARC is to move from p=none to eventually p=reject. Depending on who you talk to, some suggest you go none –> quarantine –> reject, while others suggest going from none straight to reject.

The problem is that if you are not actually monitoring your mail streams with a DMARC monitoring tool, how will you know whether all of them authenticate properly before you turn on p=reject? Turn it on while some of your mail streams are not properly authenticating and you are in for a whole lot of headaches.

Next Level Security

Now that we know who is entering our house, it is time to step up our security to the next level …

Enter p=quarantine, also known as enforcement.

FYI .. You need to be at least at this level before you can even think about looking at BIMI ;-)

We are now adding doors, which will not be completely closed, and a security guard to check if visitors are allowed to enter our home.

With p=quarantine, we are now telling mailbox providers that if DMARC fails, they should still accept the message but place it in the spam folder.

Ultimate Security

Now it’s time to secure your house fully!

Enter p=reject!

You have now locked your door and instructed the security guard not to let anyone pass who is not authenticated. You still have the camera in place to see whether someone arrives who should be given access but has not been authenticated yet.

You are telling the mailbox providers to reject (bounce) messages that do not pass authentication.

Nirvana, right?

Well, maybe … You still need to closely monitor to make sure that you properly authenticate all your mail streams.

If all your email security (SPF, DKIM and DMARC) is properly set up and properly aligned, you are now pretty secure from phishing and spoofing attacks on your domain.

Happy Emailing!