Category: DMARC

As an email marketer, your primary objective is to get your message across to your target audience. However, despite creating compelling email campaigns, if your emails end up in the spam folder, all your efforts would have been in vain.

That’s where email deliverability comes in. Email deliverability refers to the ability of your emails to land in your subscribers’ inboxes. Previously we have discussed the more established methods of authentication, but one of the latest technologies that can enhance email deliverability is BIMI (Brand Indicators for Message Identification). In this article, we’ll explore what it is and how it works.

What is BIMI?

BIMI is an email authentication protocol that leverages brand logos to authenticate the sender’s identity, which builds upon the DMARC (Domain-based Message Authentication, Reporting, and Conformance) standard, which enables email clients to authenticate the sender’s domain name.

It allows email marketers to display their brand logo alongside email messages in the recipient’s inbox, subject to the email passing DMARC authentication, adding an additional level of protection.

Bimigroup.org have a great set of resources including an implementation guide along with supporting documents that they keep up to date.

How does it work?

First you must establish DMARC authentication for your domain name, with the policy set at least to ‘quarantine’.

And remember! DMARC requires that SPF or DKIM has been implemented correctly as a standard so that’s two layers of protection that are required in order to proceed.

After setting up DMARC, you can generate a BIMI record that specifies the location of your brand’s logo. This record is then publicly available in your domain’s DNS (Domain Name System).

The recipient’s email client verifies the sender’s DMARC record whenever an email is transmitted. If the email passes, the email client then searches for a BIMI record in the sender’s DNS, and if found, the email client exhibits the sender’s logo and the email message.

Why use BIMI?

First and foremost, it enhances email deliverability by improving the sender’s reputation and trustworthiness, aided by the fact that it requires SPF or DKIM and DMARC to succeed.

Also, you increase brand recognition and recall by displaying your brand logo in the recipient’s inbox, and this can in turn help improve your email open and click-through rates.

The resulting improvement in engagement can also lead to better deliverability providing other best practices are also maintained.

Lastly it can also help prevent email phishing attacks as it provides an extra method for verifying the sender’s identity.

BIMI and the SPF Vulnerability

What sounds like a bad children’s book is actually a serious case for making sure that you have authentication implemented correctly.

In June, 2023, a security architect named Chris Plummer was able to send an email that appeared to come from UPS, managing to trick gmail to include the UPS logo and blue check.

The official statement clarifies that the issue stems from a vulnerability that can occur if SPF is not implemented or if it has been implemented incorrectly. Gmail made some changes as a result and now DKIM is a necessary requirement as a part of your DMARC alignment, where previously SPF was also acceptable.

Conclusion

BIMI is a cutting-edge technology that can significantly enhance email deliverability. You can boost brand recognition and recall by showcasing your brand logo in the recipient’s inbox, heighten email open rates and click-through rates, and thwart email phishing attacks. As an email marketer, it’s prudent to implement it to stay at the forefront and enhance the efficacy of your email campaigns.

Nobody wants to be scammed. We all want to improve subscriber engagement and deliverability that is the best it can be. Get in touch with InboxWizards today, and we can help you set up authentication correctly, troubleshoot any existing problems you might have and monitor your deliverability, ensuring that any future issues are dealt with quickly and effectively.

Ensuring successful email delivery is critical for any email marketing campaign. However, many marketers may face challenges when comprehending the technical components of email deliverability. DMARC, which stands for “Domain-based Message Authentication, Reporting, and Conformance,” is one aspect that marketers need to be familiar with. In this piece we delve into what it is, its significance and impact on email deliverability.

What is DMARC?

DMARC is an email authentication protocol that is used to prevent fraudulent emails from being delivered to the recipient’s inbox that builds upon SPF & DKIM, requiring that at least one of them is implemented as a prerequisite.

SPF allows email senders to specify which IP addresses are authorised to send emails on behalf of their domain.

Additionally, DKIM, the email authentication method that uses a digital signatures to authenticate emails. The signature lets the receiver know that a message was sent and authorised by the owner of a domain, offering yet another level of security.

If you need more information regarding how DKIM works, our article can help you get started.

DMARC is the next layer of protection by adding further parameters that ESPs can check in order to confirm that the email is authentic. In order for an email to be considered authentic it requires that SPF alignment passes as a minimum and can be set up to check for DKIM alignment as well.

It should be pointed out that Google recently made changes to their requirements choosing DKIM as a prerequisite after an issue arose with SPF, which we cover in our article under the risks of an incorrect setup.

For a full list of resources linked to the implementation of DMARC visit the official DMARC.org website.

Why does DMARC matter?

It is crucial in ensuring email deliverability and protecting your brand’s reputation and it’s worth mentioning that German ESPs have recently placed greater importance on having it implemented.

First of all, it enables email service providers (ESPs) to determine which emails are legitimate and which are not. This allows ESPs to make better decisions about which emails to deliver to the inbox and which to send to the spam folder, and what emails to block and reject completely.

As a result, one of the primary benefits is its ability to prevent spoofing and phishing attacks, whereby hackers or cybercriminals send an email using your brand’s domain in order to, essentially, trick people into handing over their money.

It goes without saying that would be detrimental to your business’s reputation.

Also, as your customers’ personal information is protected against such attacks, it is important for compliance with regulations such as GDPR, which requires that you take steps to protect their data.

Although when operating in the EU, RUF reports are not GDPR compliant as they can contain PII (Personally Identifiable Information.)

To set it up for your domain, you must create a record in your DNS settings.

What does a DMARC record look like?

Like SPF, it requires a TXT record be added to a domain’s DNS (Domain Name System) settings. It contains various tags that define the policy and reporting options for the domain. A typical record looks like this:_dmarc.example.com. 3600 IN TXT “v=DMARC1; p=none; rua=mailto:rua@example.com; ruf=mailto:ruf@example.com; fo=1”

Here’s a breakdown of the components in the example DMARC record:

1. _dmarc.example.com.: This is the record’s location in the DNS, which is created as a subdomain under the primary domain (in this case, example.com).
2. 3600: This is the Time to Live (TTL) value in seconds, which determines how long the record should be cached by DNS resolvers.
3. IN TXT: This indicates that the record is an Internet (IN) class TXT (text) record.
4. “v=DMARC1;: The v tag specifies the version.
5. p=none;: The p tag defines the policy for handling emails that fail DMARC checks. In this case, none means no specific action should be taken. Other options are quarantine (to mark the message as spam or suspicious) and reject (to reject the message entirely).
6. rua=mailto:rua@example.com;: The rua tag specifies the email address to which aggregate reports (RUA reports) should be sent.
7. ruf=mailto:ruf@example.com;: The ruf tag specifies the email address to which forensic reports (RUF reports) should be sent.
8. fo=1: The fo tag defines the conditions for generating forensic reports. In this case, 1 means to generate a report if either SPF or DKIM fails.

There are additional, optional tags that can be included in a record, such as adkim, aspf, pct, and sp, to further customise the policy and reporting options. The tags should be separated by semicolons and enclosed in the double quotes within the TXT record.

Report Types

There are two types of reports, known as RUF (Report Using Forensic) and RUA (Report Using Aggregate), they contain data about email authentication results, including information about emails that failed SPF, DKIM, and DMARC checks. These reports help domain owners monitor their email traffic and detect potential issues or malicious activities.

Conclusion

DMARC is an essential aspect of email deliverability that helps to prevent spoofing and phishing attacks, improve email deliverability, and ensure compliance with regulations. It helps you protect your brand’s reputation and improve the effectiveness of your email marketing campaigns.

We offer a full range of deliverability services, including DMARC monitoring packages to ensure that your domain is fully protected and optimised, contact InboxWizards to discuss your requirements with an expert.