DMARC isn’t a product, it’s an email security tool that tells email servers whether emails coming from your company’s domain are legit.
Protecting your SMB from phishing attacks is crucial and can be achieved through one simple email security fix. This fix not only safeguards your company’s brand and reputation but also prevents scammers from spoofing your company’s email addresses to launch phishing attacks or spam campaigns. The tool is known as DMARC (Domain-based Message Authentication, Reporting & Conformance).
DMARC isn’t a product; it’s an email authentication tool. It includes a set of rules you can program your email system to follow for all emails sent from your company. Chances are you’re probably not using it. Less than 18% of U.S. companies surveyed in 2019 had implemented it. A sample from the 2019 survey by 250ok, showing how many organizations still aren’t using DMARC:
- Best overall — large global law firms: 43%
- U.S. Financial Services: 71.7%
- U.S. average: 82.4%
- Worst in U.S. — non-profits: 91.4%
We’ll get more into the technical stuff later, but first let’s look at the benefits your SMB can get from setting up DMARC effectively.
5 Email Security Benefits from the DMARC Tool
1. Fight Fake Internal Emails
DMARC stops bad guys from sending phishing emails to someone in your company that appear to be from you or someone else in your company. They usually try to convince the recipient to click on a link that installs malware, transfer money to a fraudulent account, or reveal account login/passwords.
2. Fight Fake External Emails
Crooks can spoof your company’s emails to attempt the same phishing tactics with your clients, vendors, prospects, financial providers, etc.
3. Stop Spam from Going Out in Your Name
Spammers leverage your SMB’s name to get people to open emails and click on links, so the spammers will reap advertising revenue.
4. Establish Your Domain as a Legitimate Source
DMARC interacts with servers that process incoming emails, giving them evidence that your domain name hasn’t been hijacked. Some email recipients may even require senders to use DMARC-compliant emails in certain situations.
5. Improve Results for Email Vendors/Partners
If you use email services such as MailChimp or Constant Contact — or any other partners to send emails on your company’s behalf — DMARC should be configured to give these emails the same level of legitimacy as those you send yourself.
How Does This Basic Email Security Tool Work?
DMARC, and email authentication in general, is very complicated. However, essentially DMARC is a set of instructions from email senders to the servers that receive emails.
DMARC code prompts the receivers to test for certain authentication settings that you’ve set up for your domain. You can configure DMARC to tell the receiver servers what to do with emails that fail the test:
- Send them through to recipients for now but monitor it.
- Direct them to the recipient’s spam folder.
- Don’t deliver them at all.
How to Implement DMARC
The best way to create a DMARC record for your domain depends on how your company uses email, and how much you want to get out of DMARC’s capabilities. Consider these three options:
1. Set Up DMARC Yourself
2. Set It up Through an Experienced Vendor
If you work with a general IT services provider, find out whether email authentication, including DMARC, has been set up for your company. When Teal works with clients, we look at the firm’s email authentication settings and recommend adjustments if necessary.
If you have more than a few employees and you use email extensively — especially if you use a vendor or two that sends emails on your behalf — it’s best to have expert assistance.
For some excellent articles, videos, and presentations about DMARC, visit DMARC.org.
3. Have a Vendor Set It up and Monitor It for You, if Necessary
Once DMARC is enabled on your domain, you can get reports from most major email providers that show you all sources of email from your domain. Some external sources may have your permission – such as a marketing partner. Other sources may be bots or criminals.
Monitoring DMARC reports makes full use of this powerful tool. It particularly makes sense if your SMB depends on extensive email marketing campaigns. If you don’t have the in-house expertise to run and interpret DMARC reports, you can work with a managed service provider.
Only Send Emails the Recipients Want and Trust
It’s critical for the people and businesses you email to trust that they’re not receiving harmful or unwanted content from your company. Once you’ve lost an email recipient’s trust, you may never get it back. That’s why it’s worth your time to at least look into DMARC and other methods of email authentication. If your organization is struggling to implement effective email authentication, contact a business technology advisor at Teal for assistance.
Teal can help you implement the best practices described in this article so that you can keep all email-based cyber threats at bay and focus on what you do best – making your customers satisfied. Contact one of our business technology advisors today to book a free consultation.