5 Essential Tips for Implementing DMARC
Over the years, I have had the opportunity to help hundreds of companies implement the DMARC (Domain-based Message Authentication Reporting and Conformance) protocol—and I’ve learned a lot along the way.
Below, you can find my top five implementation tips that anyone embarking on the DMARC journey can leverage.
Tip 1: Don’t wait to implement DMARC.
You don’t have to know everything about your email program and your email sending processes to implement DMARC. All you need to do is identify the sending domain(s) you want to protect.
By implementing DMARC with a mail receiver policy set to “none,” you will receive the information you need via DMARC reports without impacting the deliverability of your legitimate messages. The information provided in these reports will grant the visibility you need to make informed, data-driven decisions.
Tip 2: Transform your data into insights.
The amount and structure of the DMARC data you receive via DMARC reports can be overwhelming. And, until you can process and analyze the data into meaningful insights, the reports aren’t particularly useful.
Working with a partner like Return Path can help standardize the data into an actionable format so you know how to clean up your email ecosystem and start blocking all messages that do not pass DMARC with a “reject” policy.
Tip 3: Get executive buy-in.
You and your team might understand the value of securing the email channel with DMARC. But until an executive at your organization does, your DMARC implementation process will be much harder to pull off. Communicate the value of DMARC in business terms to the C-Suite—how is it protecting brand reputation and driving revenue? Use these stats to help build your case.
Tip 4: Identify and collaborate with the right resources.
While DMARC is often viewed as a security protocol, there are many departments that will have a stake in a successful implementation. DMARC requires collaboration across the entire organization. I’ve worked with people from DNS administrators to fraud investigators to marketing managers, and many roles in between. The sooner you can identify the resources you will need for your DMARC journey, the smoother the process will be.
Getting everybody on the same page early in your journey is critical. The organizations who are most successful with DMARC implementations are aligned on the goals of DMARC, allowing for cross-functional collaboration on the tactical steps.
Tip 5: Identify third-party senders.
Complex email programs create many unique challenges. Managing your third-party senders is one of them. You have much less control over the authentication practices of the vendor’s authorized to send email on your behalf. However, you can still affect change. Here are some actions that have helped me and my clients in the past:
Communicate the goal of your request. Emphasize that you are securing the email channel—keeping bad email out of the inbox—and maintaining legitimate email deliverability.
Provide detailed steps for remediation. The more specific your requests are, the more likely they are to be implemented in a timely fashion.
Use data and samples. DMARC affords you a wealth of data and information—use that as evidence, highlighting authentication issues and communicating the desired outcome.
Close the loop. Once changes are made, validate the results and communicate that to your business partners. If nothing else, this will strengthen your relationship and make any subsequent change requests less cumbersome.
There are certainly more challenges you might encounter on your DMARC journey, but the five above are the most common in my experience. Please share your own challenges in the comments section below.
Ready to implement DMARC at your organization? Download our step-by-step guide, “Getting Started with DMARC.”
About Matt Moorehead
Matt Moorehead is a Strategic Project Manager for Return Path's Email Fraud Protection team. He works closely with top brands on technical and strategic initiatives to eliminate the impact of email fraud. In his spare time you can find Matt on the golf course or the ski slopes. Connect with him on LinkedIn @Matt Moorehead, IMBA, or @mattmooreheadRP on Twitter.