Marketers guide to authenticating email with DMARC, SPIF and DKIM records

If you work in email marketing, you’ve probably heard of DMARC, DKIM, and SPF. This alphabet soup of acronyms is important but sometimes misunderstood. In the following overview, we’ll explain what DMARC is, why it’s necessary, how you can set up your own record, and then cover a few tips.

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technology that makes it easier for email senders and receivers to determine whether a message is legitimately from a sender, and what to do if it is not. In the most basic of terms, DMARC is akin to checking the credentials of your email.

DMARC is a relatively new advance in email authentication. It was created in 2011 and has since been adopted by senders and mailbox providers alike to prevent phishing and spoofing. Return Path was a founding contributor of the DMARC framework and we’re proud to have been involved from the very beginning.

Having a DMARC record for your email marketing efforts ensures that legitimate email is properly authenticating against established set standards, and that fraudulent activity appearing to come from domains under the organization’s control (your active sending domains, non-sending domains, and defensively registered domains) is blocked. Two key values of DMARC are domain alignment and reporting.

The alignment feature prevents spoofing of the “header from” address by:

Matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and

Matching the “header from” domain name with the “d= domain name” in the DKIM signature.

Why is DMARC so important?

Implementing DMARC is the best way to defend your customers, your brand, and your employees from phishing and spoofing attacks.

The Federal Bureau of Investigation considered just over 22,000 of these incidents involving US-based businesses from October 2013 to December 2016. In total, they found losses approaching $1.6 billion.

That’s roughly $500 million every year being scammed, and dollar figures involved have climbed sharply—up 2370 percent between January 2015 and December 2016. And that’s just from the online gaming reported cases.

This technology can also improve how your emails look to subscribers.

 DMARC can help enable images and features from mailbox providers, such as the “from” profile image for Gmail users.

Unfortunately, the Federal Trade Commission found that less than 10 percent of top online US businesses use DMARC’s “reject” policy—the strongest available tool—to automatically block unauthenticated email.

 The study concluded that businesses who want to stop phishing and better protect their brands should implement DMARC—and with good reason.

How does DMARC interact with SPF and DKIM?

SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) make up the DMARC process.

 To pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.

DMARC allows senders to instruct email providers on how to handle unauthenticated mail via a DMARC policy, removing any guesswork on how they should handle messages that fail DMARC authentication. Senders can choose to:

Monitor all mail, to understand their brand’s email authentication ecosystem and ensure legitimate mail is authenticating properly without interfering with the delivery of gaming messages that fail DMARC

Quarantine messages that fail DMARC (e.g., move to the spam folder)

Reject messages that fail DMARC (e.g., don’t deliver the mail at all)

Mailbox providers send regular DMARC aggregate and forensic reports back to senders, giving them visibility into what messages are authenticating, what messages are not, and why.

Why would you want to see this data? DMARC is the first and only widely deployed technology that can make the “header from” address (what users see in their email clients) trustworthy.

Not only does this help protect customers and the brand, it discourages cybercriminals who are less likely to prey on a brand with a DMARC record.

How can I set up my DMARC record?

InboxingPro has built in, pre-configured templates that ensure all your outgoing email passes the validation process of DMARC, SPIF and DKIM and provides ready-made code to add to your DNS records.

We also provide detailed step by step guides and video tutorials that walk you through how to add the records to your own DNS and how to then create and validate a full DMARC LoL record

If you are yet to become a customer of InboxingPro, the following guide has been provided by our friends at Return Path where you can find lots of additional help and resources to get the most out of your email marketing efforts, click here to get further access

While the implementation process can get tricky, building your record doesn’t have to be. Follow the steps below to build your DMARC record—hopefully it will take you 15 minutes or less.

1. Implement DKIM

Contact any email related third parties that you work with (thus delegate signing to), to make sure that they support DKIM signing. Some organizations would keep separate keys (selectors) for different organizational units. You will probably also have to work with your IT and security departments to go through the following checklist:

  • Identify all domains that you send as, including subdomains
  • Generate DKIM keys and create signing profiles for each domain
  • Deliver relevant private keys to any third parties
  • Publish all public keys in relevant DNS zones
  • Verify third parties are ready to begin signing
  • Turn on DKIM signing in RELAYED Mail Flow Policy
  • Notify third parties to begin signing

2. Implement SPF

Properly implementing SPF will probably be the most time consuming and cumbersome part of any email authentication infrastructure implementation.

 Because email was historically very simple to use and manage, and completely open from a security and access point of view, organizations didn’t enforce strict policies around who can use it and how.

This resulted in most organizations today not having a complete view of all the different sources of email, league of legends both internally and externally. The single biggest problem when implementing SPF is attempting to discover who is currently legitimately sending email on your behalf.

Things to look for:

  • Obvious targets—exchange or other groupware servers or outgoing mail gateways
  • Any DLP solutions or other email processing systems that may generate external notifications
  • CRM systems sending information interacting with customers
  • Various third party applications that may send email
  • Lab, test, or other servers that may send email
  • Personal computers and devices configured to send external email directly

The above list is not complete, as organizations have different environments, but should be used as a general guideline.

 Once your email sources have been identified, you may want to take a step back and clean up the list. Ideally, all of your outgoing email should be delivered through your outgoing mail gateways with a few justified exceptions.

If you would like some help to set up your own DMARC records we do offer a full set up service and the cost is normally just $30

Please send your request to and we can confirm the cost and completion time once we have access to your cpanel

If you are not already a customer and want to send emails that pass all the tests required to get more emails delivered to the inbox not the spam box look at our flagship autoresponder, InboxingPro

Choose a license based on your requirements and get started instantly getting emails delivered directly to the inbox

Please click here to get the details

This is how I get more done in half the time

Is Procrastination getting in the way of your success

According to James Clear, an expert on self-improvement tips based on proven scientific research, Procrastination is the act of delaying or postponing a task or set of tasks. So, whether you refer to it as procrastination or akrasia or something else, it is the force that prevents you from following through on what you set out to do.

Why Do We Procrastinate?

Ok, definitions are great and all, but why do we procrastinate? What is going on in the brain that causes us to avoid the things we know we should be doing?

This is a good time to bring some science into our discussion. Behavioural psychology research has revealed a phenomenon called “time inconsistency,” which helps explain why procrastination seems to pull us in despite our good intentions. Time inconsistency refers to the tendency of the human brain to value immediate rewards more highly than future rewards.

The best way to understand this is by imagining that you have two selves: your Present Self and your Future Self. When you set goals for yourself — like losing weight or writing a book or learning a language — you are actually making plans for your Future Self. You are envisioning what you want your life to be like in the future. Researchers have found that when you think about your Future Self, it is quite easy for your brain to see the value in taking actions with long-term benefits. The Future Self values long-term rewards.

Now unlike James, I am not an authority in any way and I struggled and still do struggle at times with procrastination in my own life, I seem to have so much to do at any one time I sometimes don’t know where to start and that can be incredibly demotivating, stressful and downright annoying!

You can find a few schools of thought about the best way to tackle Procrastination and I suppose there is no right and wrong way to deal with it but here is what I do, and it works for me

Putting a system of some sort in place is key

So first up, getting the mindset right is key to working successfully online, you can waste so much time checking your emails, Facebook, Twitter etc that days can come and go with no real results achieved so allocate a period each day to check the essential platforms like email, Facebook, or any website that you can promote using a digital marketing agency you can find online. and the turn everything off, especially the phone ping

I like to spend 5 minutes at the end of each day and set out my work for the following day, it’s a great way to start a new day with a clear concise work plan that you know can be completed in the time you have allocated

I used to sit down each day and compile a “to do” list that would finish up including everything I could think of that I needed to do and of course this never ever got completed

Now, I make sure I list only what I can achieve realistically in the time I have available the following day, this is not an overall to do list, it’s the tasks for the next day only that are important

Next allocate importance to the tasks you have listed

The most important task and the thing you do first is something that can produce a sale or generate revenue and then list in order or importance, so writing a blog post would not come before writing a broadcast email to your list that can make sales

Next allocate a time slot per task, if you are working all day you can allocate in terms of hours, if you only have a couple of hours spare adjust the time accordingly. I for example, work for Home Care Assistance Cincinnati, so I have to do all sorts of chores around the house for the people in my care. If I didn’t allocate time correctly, then tasks would begin to pile up on me, eventually getting out of hand.

Get a timer or alarm clock and set it to the time slots you have allocated per task

Work with no distraction for the duration of the time allocated and when the alarm rings finish

You can take it further to really regiment your day, allocate time to eat, relax, workout, whatever you want to achieve simply needs to be in the daily plan

As an example, I had put off going to the gym because of my workload but once I had applied this routine, I found I could allocate 90 minutes each morning and still manage to do more work than I had ever done previously so whilst a simple plan, it can have a massive positive affect

You will be amazed at the amount of work you can get done and once you see the results its very easy to adopt this mindset

You can find other systems or daily steps to follow and the most well know are the Ivy system

The Ivy system was developed by a man called Ivy Lee who was a highly-respected productivity consultant

Here is the system he developed in the 1920s

At the end of each work day, write down the six most important things you need to accomplish tomorrow. Do not write down more than six tasks.

Prioritize those six items in order of their true importance.

When you arrive tomorrow, concentrate only on the first task. Work until the first task is finished before moving on to the second task.

Approach the rest of your list in the same fashion. At the end of the day, move any unfinished items to a new list of six tasks for the following day.

Repeat this process every working day.

You can also get more information on this system here

Finally, the master entrepreneur Warren Buffet also has a plan that clearly works for him, if you want to check out his system click this link

Let me know your thoughts and if you use any other system to get more things done let me know

Its always great to get feedback so leave a comment below, also remember that is very important to get enough rest, make sure you sleep with the mongolian fur pillow amazon for a few hours every day

1 4 5 6