This may be the most boring blog you read but it is important and although it is a little tech-heavy, persevere, it will pay off!
What is DMARC and why should you care?
Let me start by explaining what DMARC is and then how it works. DMARC stands for ‘Domain-based Message Authentication, Reporting and Conformance’ and it is a technical specification for email which is gradually gaining a foothold in the market. Its purpose is to standardise how receiving email servers perform email authentication, using the accepted mechanisms of DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). What it means to email marketers is consistent authentication results with all ISPs and inbound mail receivers which implement the DMARC standard – right now this includes, but is not limited to, Outlook.com, Yahoo, Gmail and AOL. So it’s a big deal.
DMARC works by telling the receiving server that the email is protected by SPF or by DKIM and, more importantly, what the server should do if an email it receives is not protected by these protocols: whether to junk it or reject it altogether. The key here is the alignment between the sending domain and the domain of the From address in the email header. The receiving mail server checks whether the two domains are aligned, either by strict alignment (where the two are identical) or by relaxed alignment (where one could be a sub-domain of the other).
Yahoo users have for some time been under attack from spammers and phishers, who have compromised their email accounts and then used them to send these types of message. Yahoo have been pretty successful in stopping the spammers from using their servers but, as usual, the spammers changed their game and started sending email as Yahoo users, but from servers other than Yahoo’s. So by changing their DMARC settings to ‘p=reject’ Yahoo are saying to the other mail hosts “if you get email that says it’s from Yahoo but doesn’t come from a Yahoo server, send it back where it came from”.
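The alignment check and the ‘p=’ policy fallback described above, as an added example in Python (not code from this post or from any mail server). It follows this post's simplified definition of relaxed alignment, whereas real receivers compare organisational domains using the Public Suffix List; the DMARC records and the `bulk-sender.example` domain used with it are constructed.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def aligned(from_domain, auth_domain, mode="r"):
    """Strict ('s'): domains identical. Relaxed ('r'): one is a sub-domain of the other."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if a == b:
        return True
    if mode == "s":
        return False
    # Simplification taken from the post; real receivers use the Public Suffix List.
    return a.endswith("." + b) or b.endswith("." + a)


def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the action the domain owner asked for (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    # A passing SPF or DKIM result only counts if its domain aligns with the From domain.
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")


if __name__ == "__main__":
    # Constructed case: From says yahoo.com, but SPF passed for another sender's domain.
    print(evaluate("v=DMARC1; p=reject", "yahoo.com",
                   True, "bulk-sender.example", False, ""))
    # Constructed case: sub-domain From address, DKIM signed by the parent domain.
    print(evaluate("v=DMARC1; p=quarantine", "email.displayblock.com",
                   False, "", True, "displayblock.com"))
```

The first case fails even though SPF passed, because the domain that passed is not aligned with the From address; the second passes under relaxed alignment and would be quarantined if the record also set `adkim=s`.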
Below are two images of the message headers taken from an email from my inbox and one from my Junk folder. Can you guess which went into junk and why?
So, you probably came across this blog and persevered because it is affecting you and you are wondering what you can do.
The best thing you can do is start sending your emails from your own domain (e.g. displayblock.com), or a sub-domain (e.g. email.displayblock.com), correctly configured for your Email Service Provider.
N.B. Don’t register an entirely new domain because there are blacklists for emails from domains which are less than 3 months old.
Sending from a correctly configured domain or sub-domain will then pass SPF and DKIM tests and your message will no longer be rejected. Well, at least not for that reason!