Inbox placement is the foundation of every successful email marketing campaign.
If email deliverability decreases, so too does the effectiveness of any given email campaign. If it increases, then so too does open rate, click-through rate, and even conversion rate.
Because when more subscribers receive what you send them in their inbox, more people engage with that content (they don’t really have a chance to engage if your email goes to their spam folder or fails to get delivered altogether).
But, of course, increasing your deliverability rate is easier said than done — even though it’s a relatively simple, it can also be technical.
And DMARC is one such technicality that you should understand if you want to increase your deliverability and thus the effectiveness of your email marketing campaigns.
Let me explain.
What Is DMARC And How Does It Work?
DMARC is a relatively new initiative launched in February of 2015 by the Trusted Domain Project, a “non-profit and tax-exempt public benefit corporation in the State of California.”
The acronym DMARC stands for Domain-based Message Authentication, Reporting and Conformance. At the risk of over-simplifying the technical details (for beginner understanding), DMARC authenticates domains and reduces fraudulent emails. It accomplishes that by verifying the real owner of a domain (you) as the only approved email sender.
Think of it this way… if someone wanted to pretend to send an email from your domain, all they need to do is use your domain as their “From” email address and then come up with a fake name (email@example.com).
Without DMARC, that email would soar through servers unhindered.
But if you’d implemented DMARC before the fraudulent email was sent, then it would still send, but it would fail DMARC authentication and possibly get blocked (which is good). That is half of the power of DMARC — it stops un-verified people from using your domain to send email.
And lest you think that DMARC is solving a non-issue, consider that 64% of companies have experienced web-based attacks and 62% have experienced phishing and social engineering attacks — not to mention that the average cost of a data breach in 2020 will cost upwards of $150 million.
Okay, okay… but what does any of this have to do with your email deliverability rate?
With DMARC in place, ISP’s (Gmail, for instance) are less apt to block (or place in the spam folder) the emails you send because DMARC verifies that it’s actually you sending the emails.
Think of it like this… if someone knocks on your door at an odd time of day and you have no way of seeing who it is, then you (in this case, the ISP) are probably not going to open that door.
But if you can look out the window and see that it’s just a friend of yours (thanks to DMARC verification), then you’ll open the door without hesitation.
In other words, since DMARC verifies your email sending domain, it also makes the emails you send more trustworthy to online servers — which means fewer emails go to spam or get blocked.
Here’s how Wikipedia explains it…
“Once the DMARC DNS entry is published, any receiving email server can authenticate the incoming email based on the instructions published by the domain owner within the DNS entry. If the email passes the authentication it will be delivered and can be trusted. If the email fails the check, depending on the instructions held within the DMARC record the email could be delivered, quarantined or rejected.”
The second benefit to using DMARC is that, once you’ve verified your domain, you can opt to receive reports that will tell you what servers email has been sent from recently on behalf of your domain.
If something doesn’t look right, you can investigate the problem for yourself. This allows you to consistently monitor the security of your own domain.
Note: It’s important to note that the reports which DMARC provides from ISP’s will be sent to the “mailto” email address provided in your DNS record. These reports can be quite difficult to understand. This is the reason why it’s worth signing up for a service like EasyDMARC or Postmark, which will aggregate and make those reports far easier to read — they can also help you set up DMARC if you don’t want to try and do that on your own.
However, DMARC is not meant to be used to the exclusion of DKIM and SPF — in fact, you need to align with at least one of those (DKIM or SPF) in order for the DMARC check to “pass” verification.
What is alignment?
Alignment means having the same ‘From’ address email domain as either your DKIM domain or your return-path domain. If your ‘From’ email domain aligns with at least one of those, then you’ll pass DMARC.
Now that you understand what DMARC is, how it works, and why it’s important, let’s turn our attention to how you can set it up.
How To Leverage DMARC And Increase Your Email Deliverability
Here’s how you can setup DMARC for your sending domain and increase your deliverability.
First, the non-techy method.
The Easy Non-Techy DMARC Setup
If you’re not tech-savvy and don’t really understand how DNS records work and you don’t want to fiddle with setting DMARC up yourself, then your best bet is to sign up for a service like EasyDMARC or Postmark. Those services will walk you through setting up DMARC for your domain and make it much easier to consume ongoing DMARC reports and monitoring.
But, if you really want to setup DMARC yourself, here’s the advanced method.
The Advanced I’m-Not-Afraid-To-Do-It-Myself DMARC Setup
The basic steps for implementing and leveraging DMARC are as follows…
- Step 1: Create a DMARC record so you can start monitoring results.
- Note: First start with p=none, and then move on to quarantine emails that don’t pass the DMARC verification.
- Step 2: Identify and document what server email is being sent from.
- Step 3: For the sources that aren’t fraudulent, convert them to have DMARC align with DKIM and/or SPF.
- Step 5: Once you know that DMARC is working correctly, you can set it to reject all emails that don’t pass DMARC authentication.
Here’s a more detailed explanation…
The first thing you need to do is log in to your DNS hosting provider. Then find where you can create a new record or edit the TXT section (it really depends on the hosting provider that you’re using).
When you click to create a new record, you might see a list of options for what type of record you want to create. Select “TXT”.
In the “Name” or “Host Value” field, type in “_DMARC” and the hosting provider will likely populate the rest of that field with your domain (for example, “_dmarc.example.com”).
Note: You do not need to add DMARC for your subdomains.
Now, there are 2 tag-value pairs that are required in order to get your DMARC protocol up and running. The first one is “v” (version), for which the only tag-value pair is “v=DMARC1”. The second is “p” (policy), for which the tag-value can be “p=none”, “p=quarantine”, or “p=reject”.
Again, it’s highly recommended that you start with “p=none” so you can accurately identify email delivery problems due to the domain’s SPF or DKIM so that valid mail isn’t accidentally quarantined or rejected.
Finally, if you want to receive aggregate reports of your email’s performance, add in the “rua” tag (highly recommended). Here’s an example of that: “rua=mailto:firstname.lastname@example.org”.
To indicate where you want to receive forensic reports, use “ruf”. You can use one “rua” and one “ruf” tag in your DMARC record, but don’t use multiples of either or DMARC won’t work.
Also, be sure to separate each of these tags by semicolons.
Example of generated record:
v=DMARC1; p=reject; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org
Save the record and you should be good to go. You’ll just want to verify that the record is set up correctly — and you can do that for free right over here.
Note: You might want to add some additional tags to your DMARC record. Below is a description of many of the primary options.
Understanding DMARC Records
To help you further understand each piece of a DMARC record, here is a description of each tag.
- “v” — This is required in order for the receiving server to run a DMARC check on an email campaign. The only option here is “v=DMARC1”.
- “p” — This tag tells the receiving server what to do with emails that fail the DMARC check. “p=none” means the receiving server won’t take any action. “p=quarantine” means failed emails will get set aside for further processing. And “p=reject” will simply stop messages outright.
- “rua=mailto:email@example.com” — This tag tells the receiving server where to send aggregate DMARC reports.
- “ruf=mailto:firstname.lastname@example.org” — This tag tells the receiving server where to send individual DMARC failure reports.
- “pct” — This tag indicates what percentage of the emails from your domain you want the receiving server to pass through DMARC. Typically, this will simply be “pct=100”.
- “adkim” — This tag allows you to set the DMARC protocol for your domain to strict (“s”) or relaxed (“r”). Strict alignment requires that the verified domain name and the sending domain name are identical. Relaxed alignment requires only that the high-level “Organizational Domain” match (“a.b.c.d.company.com.au” and “company.com.au” have the same Organizational Domain, for example).
The above tags can help you customize how you want DMARC to interact with your email campaigns.
It’s probably best to start with “p=none” and “pct=100” and then watch the reports to see how your emails are performing.
Once you better understand DMARC and how it impacts the deliverability of your email campaigns, you might consider changing “p” to “reject” or “quarantine” and “pct” to “10” to make sure DMARC is only stopping fraudulent emails.
Once everything seems to be working correctly, you can change “pct” to 100 and stop all forgers or phishers from using your domain to send email.
Many email campaigns have survived or died purely on the deliverability rate. With a high email deliverability rate, you can reach your prospects and increase your open rate. With a low deliverability rate, you’ll struggle to even get your marketing messages seen.
DMARC protocol is one way to increase the deliverability of your email campaigns (as well as stop others from sending emails from your domain).
Now you know what DMARC is, how to implement it and why it’s important. If you have any further questions, feel free to reach out.