DMARC Email authentication has changed email delivery rules and technical administrators must have a clear email authentication rollout strategy
Implementing a compliant DMARC DNS entry that protects your domain from SPOOF attack and therefore reduces organisational risk will adversely effect your email reputation if not implemented correctly. Being the first email service provider to have mandated DMARC in 2017 we have had more experience than most so we wanted to share this guide to help you on your journey.
Email Reputation Management
Anti-SPOOF or DMARC email authentication has changed email delivery rules. Moving forward you need to have a clear technical email strategy. Our Email Audit Serivce upon reviewing your email configuration, authentication and applications (that send email) will provide your organization with a clear set of technical email recommendations to maximize reputation and delivery.
Technical Email Strategy Tips:
Sign up to Trusted Sender Network to run your DMARC Reports Analyzer and use the guides to help secure your domain and authenticate your domain correctly. Trusted Sender Network has three options:
- Cyber Tools Only - This includes domain and MX Tools including Free DKIM Wizard, WHOIS / RDAP, SPF Analyzer plus much more. This tool is free
- Self Managed Account (free subsciption available)
- Multi-Account, designed for Managed Service Providers (MSP) and multi-national organizations (free subsciption available)
Put as much mail through one source as possible (not via the MX). For example notifications, invoices, web sign-ups, Apps, campaigns etc should all go through an MTA. By splitting these functions you are reducing the consistency of regular email and by doing so you are making it very easy for email administrators to block or disregard your email.
The mail receivers don’t like campaign only email sources, it will hurt your domain reputation or at very least it will fluctuate and confuse analysis. By having too many sources of email you will not be able to pinpoint where reputational damage is occurring.
style="margin-top:15px;margin-bottom: 15px;"We do NOT recommend a dedicated IP address for under 750,000 million emails per month. Even then 1.5 million makes more sense. Why? Because when you have a dedicated IP you should use RDNS and that means you must register and manage the feedback loops etc.
Finally, do an audit of your apps and make sure you can route the emails via an SMTP gateway that is connected to your campaign platform, try and avoid CNAME SPF as it oftem causes SPF errors.
Too many email sources will hurt your email reputation.