With over 18 years of relationship management experience in the digital realm, dmarcian’s Senior Technical Account Manager Dan Levinson shares his insights on DMARC as a best practice and obstacles to adoption within the email ecosystem.
DMARC as Best Practice
DMARC, and its underlying technologies of SPF and DKIM, are becoming more widely recognized as best practices with increasing mandates requiring their use, such as the Netherlands’ comply-or-explain requirement and California’s SIMM 53315 initiative. In 2017, the US Federal Trade Commission (FTC) published a report promoting the widespread adoption of DMARC, concluding that “businesses can help reduce the number of phishing email messages and protect their reputations by fully implementing the low cost, readily available email authentication solutions.”
We decided to take a look at some of the obstacles to larger adoption we’ve seen on the DMARC landscape.
DMARC as Soft Suggestion
While email sources have excelled in providing their customers with options for SPF, DKIM and DMARC deployment, there is little direction or guidance provided by many of them. Often, DMARC is only listed as an option without the broader context of its inherent value and benefits.
It is important that tech is flexible; we commend sources for making DMARC accessible but lightly condemn them for not playing a more active role in suggesting it and making their end-users more mindful of it.
The assumed challenge for sources is that they operate in an incredibly competitive landscape and work hard to remove any obstacles a customer may face in order to start sending email on their platform. Matters of authentication and collaborating with peers residing over DNS are often met with challenges related to change-management authority, gaps in understanding and priorities. To combat these obstacles, many sources have elected to make basic email authentication optional.
Further, with the ever-expanding adoption of marketing-automation usage, the sender may not even have a direct relationship with the source that is ultimately sending the message. DMARC exposes each of these gaps and affords domain administrators the necessary visibility to bring about improved authentication coverage. The dmarcian application has cataloged each source’s capabilities, highlights recommended changes and provides prescriptive guidance on suggested improvements.
Reporters Not Supplying Complete Information
With the DMARC technical standard, the importance for reporters to include complete information in their reports cannot be minimized. Missing information, such as DKIM selectors, can make the report less helpful in identifying legitimate emails which can lengthen the time it takes to deploy DMARC.
Better Email Is a Collaborative Effort
Beginning in the Usenet groups in the 1990s, the term “netizen” began to circulate. Michael Hauben coined the term netizen and defines it along these lines:
“These people understand the value of collective work and the communal aspects of public communications. These are the people who discuss and debate topics in a constructive manner, who e-mail answers to people and provide help to new-comers, who maintain FAQ files and other public information repositories, who maintain mailing lists, and so on. These are people who discuss the nature and role of this new communications medium.” source
Email is a unique medium. It isn’t really owned by anyone yet is used by most everyone in the developed world. It is dependent upon the good-faith, collaborative efforts of many for it to work. DMARC and its underlying technologies are also unique; they are open-source protocols that aren’t owned by anyone and increase the reliability of email.
We all benefit from better email; ultimately, it is in everyone’s best interest (sources, businesses, governments and individuals) to adopt a good netizen attitude toward it. Only through cooperation, collaboration and education will the dependability, trustworthiness and longevity of email be ensured.
dmarcian strives to make email safer by expanding the knowledge and awareness of DMARC. If you need assistance with your DMARC project, let us know. If you haven’t begun your DMARC project, you can sign up for a no-strings attached, free trial here.