4 added
2 removed
Original
2026-01-01
Modified
2026-03-10
1
<p>As inbox providers work to differentiate legitimate senders and spammers from the billions of messages they receive on a daily basis, marketers are often caught in the crossfire.</p>
1
<p>As inbox providers work to differentiate legitimate senders and spammers from the billions of messages they receive on a daily basis, marketers are often caught in the crossfire.</p>
2
<p>As the volume of malicious email grows, it’s essential to make every effort to help inbox providers easily recognise your business as a legitimate sender.</p>
2
<p>As the volume of malicious email grows, it’s essential to make every effort to help inbox providers easily recognise your business as a legitimate sender.</p>
3
<p>To do this, we rely on email authentication-a crucial factor in deliverability and fraud prevention.</p>
3
<p>To do this, we rely on email authentication-a crucial factor in deliverability and fraud prevention.</p>
4
<p>The two most common methods for authenticating emails are Sender Policy Framework (SPF) and Domainkeys Identified Mail (DKIM). When authentication fails under one of these methods, a domain’s Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy is checked to see what to do next with that message.</p>
4
<p>The two most common methods for authenticating emails are Sender Policy Framework (SPF) and Domainkeys Identified Mail (DKIM). When authentication fails under one of these methods, a domain’s Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy is checked to see what to do next with that message.</p>
5
<p>Since its release, DMARC has been considered a best practice, but not a necessity for bulk email senders. Now, that’s all changing. Because senders who don’t have DMARC policies are much more likely to be spammers,<a>Google and Yahoo’s sender requirements</a>are collectively shifting the industry standard from best practice to absolute necessity.</p>
5
<p>Since its release, DMARC has been considered a best practice, but not a necessity for bulk email senders. Now, that’s all changing. Because senders who don’t have DMARC policies are much more likely to be spammers,<a>Google and Yahoo’s sender requirements</a>are collectively shifting the industry standard from best practice to absolute necessity.</p>
6
<p><strong>No DMARC policy, no entry into the inbox.</strong></p>
6
<p><strong>No DMARC policy, no entry into the inbox.</strong></p>
7
<p>In other words, if your emails aren’t authenticated and they fail to pass a DMARC check, they won’t land in your audience’s inboxes. As of April 1, 2024, these messages were rejected and now bounce completely from Yahoo or Google email inboxes.</p>
7
<p>In other words, if your emails aren’t authenticated and they fail to pass a DMARC check, they won’t land in your audience’s inboxes. As of April 1, 2024, these messages were rejected and now bounce completely from Yahoo or Google email inboxes.</p>
8
<h2>Why is DMARC important?</h2>
8
<h2>Why is DMARC important?</h2>
9
<p>DMARC is considered an industry best practice when protecting:</p>
9
<p>DMARC is considered an industry best practice when protecting:</p>
10
<ul><li>Your brand and domain name</li>
10
<ul><li>Your brand and domain name</li>
11
<li>Your sending reputation, which is key for email deliverability</li>
11
<li>Your sending reputation, which is key for email deliverability</li>
12
</ul><p>Think of it this way: Most marketers spend significant time and money building a brand their customers can trust. Email is part of that process. If a customer receives spam or malicious email on behalf of a brand they have done business with, this may compromise their trust in that brand and even end that relationship.</p>
12
</ul><p>Think of it this way: Most marketers spend significant time and money building a brand their customers can trust. Email is part of that process. If a customer receives spam or malicious email on behalf of a brand they have done business with, this may compromise their trust in that brand and even end that relationship.</p>
13
<p>Even worse, imagine a third party sends an email using your hard-earned reputation for a malicious purpose, like stealing someone’s identity or personal information. The consequences could extend beyond eroding trust and end up causing permanent damage to your brand’s image.</p>
13
<p>Even worse, imagine a third party sends an email using your hard-earned reputation for a malicious purpose, like stealing someone’s identity or personal information. The consequences could extend beyond eroding trust and end up causing permanent damage to your brand’s image.</p>
14
<h2>How does DMARC work?</h2>
14
<h2>How does DMARC work?</h2>
15
<p>DMARC is essentially your domain/brand’s email reputation guard dog. Its purpose is to prevent unauthorised sources from sending email on your behalf (a practice also known as spoofing) for malicious purposes, such as phishing scams.</p>
15
<p>DMARC is essentially your domain/brand’s email reputation guard dog. Its purpose is to prevent unauthorised sources from sending email on your behalf (a practice also known as spoofing) for malicious purposes, such as phishing scams.</p>
16
<p>Here’s how the DMARC authentication process works:</p>
16
<p>Here’s how the DMARC authentication process works:</p>
17
<ul><li><strong>Alignment:</strong>DMARC passes or fails a message based on how close the message “from” header matches the sending domain specified by either SPF or DKIM.</li>
17
<ul><li><strong>Alignment:</strong>DMARC passes or fails a message based on how close the message “from” header matches the sending domain specified by either SPF or DKIM.</li>
18
-
<li><strong>Policy enforcement:</strong>DMARC instructs mail servers on what to do with the message if it fails DMARC checks, defined by one of 3 possible settings:<ul><li><strong>p=none:</strong>place the message in the inbox at your own risk</li>
18
+
<li><strong>Policy enforcement:</strong>DMARC instructs mail servers on what to do with the message if it fails DMARC checks, defined by one of 3 possible settings:<strong>p=none:</strong>place the message in the inbox at your own risk<strong>p=quarantine:</strong>do not place the message in the inbox; place it in spam/junk<strong>p=reject:</strong>do not accept the message; it is likely not from the owner of the domain the email originated from, and should be bounced<ul><li><strong>p=none:</strong>place the message in the inbox at your own risk</li>
19
<li><strong>p=quarantine:</strong>do not place the message in the inbox; place it in spam/junk</li>
19
<li><strong>p=quarantine:</strong>do not place the message in the inbox; place it in spam/junk</li>
20
<li><strong>p=reject:</strong>do not accept the message; it is likely not from the owner of the domain the email originated from, and should be bounced</li>
20
<li><strong>p=reject:</strong>do not accept the message; it is likely not from the owner of the domain the email originated from, and should be bounced</li>
21
</ul></li>
21
</ul></li>
22
<li><strong>Audit mail traffic:</strong>Your DMARC record can be configured to provide reporting on who or what is sending messages on your domain’s behalf. Third-party tools like<a>EasyDMARC</a>or<a>Dmarcian</a>can manage this process to secure your domains as needed. If someone is attempting to spoof your emails or is sending unauthorised emails (like a non-customer facing department), you can identify those sources and prevent them from sending further emails.</li>
22
<li><strong>Audit mail traffic:</strong>Your DMARC record can be configured to provide reporting on who or what is sending messages on your domain’s behalf. Third-party tools like<a>EasyDMARC</a>or<a>Dmarcian</a>can manage this process to secure your domains as needed. If someone is attempting to spoof your emails or is sending unauthorised emails (like a non-customer facing department), you can identify those sources and prevent them from sending further emails.</li>
23
</ul><h2>What led to the creation of DMARC?</h2>
23
</ul><h2>What led to the creation of DMARC?</h2>
24
<p>Prior to the adoption of DMARC in 2013, the authentication methods the policy uses already existed.</p>
24
<p>Prior to the adoption of DMARC in 2013, the authentication methods the policy uses already existed.</p>
25
<p>SPF has been around, in some form, since 2000 or so. DKIM came on the scene a few years later, around 2004, for a number of major players-most notably, Yahoo and Cisco Systems.</p>
25
<p>SPF has been around, in some form, since 2000 or so. DKIM came on the scene a few years later, around 2004, for a number of major players-most notably, Yahoo and Cisco Systems.</p>
26
<p>Let’s take a closer look at SPF and DKIM to see how they work.</p>
26
<p>Let’s take a closer look at SPF and DKIM to see how they work.</p>
27
<h3>Sender Policy Framework (SPF)</h3>
27
<h3>Sender Policy Framework (SPF)</h3>
28
<p>SPF is used to authenticate the sender of an email. With an SPF record in place, inbox providers can verify that a mail server is authorised to send email for a specific domain. The SPF record resides in the DNS TXT record and contains a list of IP addresses that are allowed to send email on behalf of your domain.</p>
28
<p>SPF is used to authenticate the sender of an email. With an SPF record in place, inbox providers can verify that a mail server is authorised to send email for a specific domain. The SPF record resides in the DNS TXT record and contains a list of IP addresses that are allowed to send email on behalf of your domain.</p>
29
<p>An SPF record starts with “v=spf1”. For example, if you do a TXT lookup for “klaviyomail.com”, you will find an entry like this:</p>
29
<p>An SPF record starts with “v=spf1”. For example, if you do a TXT lookup for “klaviyomail.com”, you will find an entry like this:</p>
30
<h3>DomainKeys Identified Mail (DKIM)</h3>
30
<h3>DomainKeys Identified Mail (DKIM)</h3>
31
<p>DKIM is used to verify the authenticity of a message by using a cryptographic signature which is encrypted and added to the header of the message. When the message is received, a public key found in the DKIM record of the sending domain’s DNS is used to decrypt the DKIM signature and authenticate the message.</p>
31
<p>DKIM is used to verify the authenticity of a message by using a cryptographic signature which is encrypted and added to the header of the message. When the message is received, a public key found in the DKIM record of the sending domain’s DNS is used to decrypt the DKIM signature and authenticate the message.</p>
32
<p>A DKIM record resides in a special location under the TXT records. In our example, you can find the DKIM record under the “kl._domainkey” subdomain:</p>
32
<p>A DKIM record resides in a special location under the TXT records. In our example, you can find the DKIM record under the “kl._domainkey” subdomain:</p>
33
<h2>How to authenticate with DMARC</h2>
33
<h2>How to authenticate with DMARC</h2>
34
<p>A DMARC record shows up within the TXT records of the _dmarc subdomain and starts with “v=DMARC1;”.</p>
34
<p>A DMARC record shows up within the TXT records of the _dmarc subdomain and starts with “v=DMARC1;”.</p>
35
<p>For example, if you do a TXT lookup for “_dmarc.klaviyomail.com”, you will find an entry like this:</p>
35
<p>For example, if you do a TXT lookup for “_dmarc.klaviyomail.com”, you will find an entry like this:</p>
36
<p>There are different steps for authenticating DMARC, though, depending on the DNS host. Find specific instructions based on<a>your DNS host here</a>.</p>
36
<p>There are different steps for authenticating DMARC, though, depending on the DNS host. Find specific instructions based on<a>your DNS host here</a>.</p>
37
<h2>Why DMARC is now table stakes for marketers</h2>
37
<h2>Why DMARC is now table stakes for marketers</h2>
38
<p>The world of email is quickly moving to a place where no authentication effectively guarantees your message will be rejected.</p>
38
<p>The world of email is quickly moving to a place where no authentication effectively guarantees your message will be rejected.</p>
39
<p>At Klaviyo, in line with industry best practices, all senders must implement SPF, DKIM, and DMARC records. This, in turn, equips senders with the technical set-up necessary for meeting the recent requirements outlined by Yahoo and Gmail-which means you can rest easy, and focus on other areas of deliverability and marketing best practices.</p>
39
<p>At Klaviyo, in line with industry best practices, all senders must implement SPF, DKIM, and DMARC records. This, in turn, equips senders with the technical set-up necessary for meeting the recent requirements outlined by Yahoo and Gmail-which means you can rest easy, and focus on other areas of deliverability and marketing best practices.</p>
40
<p>All Klaviyo customers, large and small, should have a DMARC policy for their brand’s domain. Even if you are not sending enough email to be classified as a “bulk sender” under Yahoo and Google’s new sender requirements, your business is growing-and it’s best to be prepared ahead of time.</p>
40
<p>All Klaviyo customers, large and small, should have a DMARC policy for their brand’s domain. Even if you are not sending enough email to be classified as a “bulk sender” under Yahoo and Google’s new sender requirements, your business is growing-and it’s best to be prepared ahead of time.</p>
41
<p>Do your future business a favor and get started with DMARC now.</p>
41
<p>Do your future business a favor and get started with DMARC now.</p>
42
<h3>Related content</h3>
42
<h3>Related content</h3>
43
<ul><li><a>Understanding email authentication</a></li>
43
<ul><li><a>Understanding email authentication</a></li>
44
<li><a>Your complete guide to email deliverability: avoid the spam folder for maximum engagement</a></li>
44
<li><a>Your complete guide to email deliverability: avoid the spam folder for maximum engagement</a></li>
45
<li><a>Google + Yahoo’s new sender requirements: how to optimise your strategy</a></li>
45
<li><a>Google + Yahoo’s new sender requirements: how to optimise your strategy</a></li>
46
-
</ul>
46
+
</ul><p>Power smarter digital relationships with Klaviyo SMS.</p>
47
+
<p><a>Get started</a></p>
48
+