DMARC: The Email Security Tool SMBs Should Use, But Don’t

DMARC isn’t a product, it’s an email security tool that tells email servers whether emails coming from your company’s domain are legit.

Protecting your SMB from phishing attacks is crucial and can be achieved through one simple email security fix. This fix safeguards your company’s brand and reputation. Plus, it also prevents scammers from spoofing your company’s email addresses to launch phishing attacks or spam campaigns. The tool is known as DMARC (Domain-based Message Authentication, Reporting & Conformance).

DMARC isn’t a product; it’s an email authentication tool. It includes a set of rules you can program your email system to follow for all emails sent from your company. Chances are good you’re not using it.

Less than 18% of U.S. companies surveyed in 2019 had implemented it. A sample from the 2019 survey by 250ok, showing how many organizations weren’t using DMARC:

  • Best overall — large global law firms: 43%
  • U.S. Financial Services: 71.7%
  • U.S. average: 82.4%
  • Worst in U.S. — non-profits: 91.4% 

Recent surveys suggest that around 25-30% of U.S. companies have implemented DMARC. While it has improved, the adoption rates can vary widely depending on the industry, company size, and other factors.

We’ll get more into the technical stuff later. But first, let’s look at the benefits your SMB can get from setting up DMARC effectively.

5 Email Security Benefits from the DMARC Tool

1. Fight Fake Internal Emails

DMARC stops bad guys from sending phishing emails to someone in your company that appear to be from you or someone else in your company. They usually try to convince the recipient to click on a link that installs malware, transfer money to a fraudulent account, or reveal account login/passwords.

2. Fight Fake External Emails

Crooks can spoof your company’s emails to attempt the same phishing tactics with your clients, vendors, prospects, financial providers, etc.

3. Stop Spam from Going Out in Your Name

Spammers leverage your SMB’s name to get people to open emails and click on links, so the spammers will reap advertising revenue.

4. Establish Your Domain as a Legitimate Source

DMARC interacts with servers that process incoming emails, giving them evidence that your domain name hasn’t been hijacked. Some email recipients may even require senders to use DMARC-compliant emails in certain situations.

5. Improve Results for Email Vendors/Partners

If you use email services such as MailChimp or Constant Contact — or any other partners to send emails on your company’s behalf — DMARC should be configured to give these emails the same level of legitimacy as those you send yourself.

How Does This Basic Email Security Tool Work?

DMARC, and email authentication in general, is very complicated. However, essentially DMARC is a set of instructions from email senders to the servers that receive emails.  

DMARC code prompts the receivers to test for certain authentication settings that you’ve set up for your domain. You can configure DMARC to tell the receiver servers what to do with emails that fail the test:

  1. Send them through to recipients for now but monitor it.
  2. Direct them to the recipient’s spam folder.
  3. Don’t deliver them at all.

How to Implement DMARC

The best way to create a DMARC record for your domain depends on how your company uses email, and how much you want to get out of DMARC’s capabilities. Consider these three options:

1. Set Up DMARC Yourself

Many companies offer free tools for setting up DMARC and other email authentication features, including Agari and dmarcian. This option is probably only best for one- to two-person shops that just use email for basic business communication.

2. Set It up Through an Experienced Vendor

If you work with a general IT services provider, find out whether email authentication, including DMARC, has been set up for your company. When Teal works with clients, we look at the firm’s email authentication settings and recommend adjustments if necessary. 

If you have more than a few employees and you use email extensively — especially if you use a vendor or two that sends emails on your behalf — it’s best to have expert assistance.

For some excellent articles, videos, and presentations about DMARC, visit

3. Have a Vendor Set It up and Monitor It for You, if Necessary

Once DMARC is enabled on your domain, you can get reports from most major email providers that show you all sources of email from your domain. Some external sources may have your permission – such as a marketing partner. Other sources may be bots or criminals.

Monitoring DMARC reports makes full use of this powerful tool. It particularly makes sense if your SMB depends on extensive email marketing campaigns. If you don’t have the in-house expertise to run and interpret DMARC reports, you can work with a managed service provider.

Only Send Emails the Recipients Want and Trust

It’s critical for the people and businesses you email to trust that they’re not receiving harmful or unwanted content from your company. Once you’ve lost an email recipient’s trust, you may never get it back. That’s why it’s worth your time to at least look into DMARC and other methods of email authentication.

Get Advanced Email Protection

If your organization is struggling to implement effective email authentication, contact a business technology advisor at Teal for assistance.

We can help you implement the best practices described in this article so that you can keep all email-based cyber threats at bay. That way, you can focus on what you do best – making your customers happy. 

Teal offers affordable, responsive and secure managed IT services to US-based SMBs, including local MSP services provided in:

Established in 2000, 
we enrich lives by delivering ultra-responsive services, prioritizing integrated cybersecurity, and investing in our staff.

Discover how we fulfill our promises to clients with Net Promoter Surveys and our unique quality assurance processes

Latest Teal News

Subscribe to Our Newsletter

Join Teal Exclusive now to be notified of the latest news, tech tips, and more.

Recent Articles
Don’t Stop Here

More To Explore

Remote Work

Solving Common Remote Work Security Challenges

Organizations face increasing threats from phishing scams, the use of insecure passwords, and the complexity of managing personal devices. Tackling these issues head-on is essential