Request a Call
Online Chat
 
Knowledgebase:
What is DMARC & Email Authentication?
Posted by Dave Zulu, Last modified by Dave Zulu on 24 March 2017 06:05 PM

Email authentication is a series of technical steps to authenticate the origin and legitimacy of email for the prevention of fraud (spoof, phishing) and SPAM. It is a cornerstone component of email deliverability (see the Zulu eDM Email Deliverability Whitepaper).

It is our view that indiscriminate e-blasting, SPAM and illegal email has contributed to the creation of the third and most difficult to implement standard, DMARC.

DMARC aligns two existing DNS records with the HEADER.MAILFROM email domain i.e. the “From or ­­­­Sender” address designated in Zulu eDM.

Google has made it simple for us to understand and see the authentication:

Zulu eDM DMARC Options

We have a variety of DMARC enable options available which include:

  • Using your own domain
  • Using your own domain on dedicated IP addresses (recommended)
  • Franchise domain and multi account options are available
  • Using your own domain on leased dedicated IP addresses (enterprise option only)

Technical Reference - How it works

For ESP’s (email service providers) to provide bulk email delivery and the associated intelligence we use the SMTP.MAILFROM (commonly referred to as the return path) as the originator of the mail.

This has commonly been a shared email address such as no-reply@zuluedm.com in the early days the Return Path was verified using a text based DNS record called the SPF record. The first Authentication record (Pass) shown in Screen Shot 1.

Fraud continued and we moved to DKIM and Domain Keys, which as the name suggested uses a Private Key and Public Key (again a text record stored in the DNS). This did not necessarily have to align with SPF, the second Authentication record (Pass) shown in Screen Shot 1. It is important to note that to align the SPF and DKIM ESP’s use a trick called “sender” MAILFROM:SENDER to align both keys and allow the MAILFROM to be the organisations domain. The following example would result in SPF Pass and DKIM Pass but DMARC fail.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Date: Wed, 2 Nov 2016 17:51:25 +0800 (WST)

Return Path: no-reply@au.zuluedm.com

From: The eDM Factory <clientservice@theedmfactory.com>

Sender: Zulu eDM <no-reply@au.zuluedm.com>

To: support@au.zululabs.com

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The following would result in all three authentications passing:

Date: Wed, 2 Nov 2016 17:51:25 +0800 (WST)

Return Path: no-reply@au.zuluedm.com

From: The eDM Factory edmfactory@zuluedm.com (DKIM now set by

To: support@au.zululabs.com

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Things to consider

If DMARC is implemented this may affect all email that does not emanate from your mail servers or from DMARC compliant systems (such as Zulu eDM).

For example: your website may send email using yourdomain.com but may not route through your mail servers and therefore with DMARC set it could possibly cause email to fail.

You may use Google apps or others apps that rely on email which uses yourdomain.com as the mail sender which may fail.

We strongly suggest an email audit and to speak to our consultants.

  • You may consider a subdomain strategy – speak to one of our consultants.
  • Set DMARC to “reject” and this will maximise your reputation and improve deliverability. It will not mitigate SPAM, unsolicited email.

Zulu eDM is the World’s first FREE to Enterprise platform that now offers the World’s best deliverability options. Protect your brand and delivery to drive more results by speaking to one of  our consultants now.

(1 vote(s))
Helpful
Not helpful

Comments (0)

Copyright Zulu Labs Global Pty Ltd, 11 William St Cremorne VIC, Australia 3121. Ph +61 3 9001 1590