The Basics of DMARC Monitoring

As more inbox providers announce testing and support for Brand Indicators for Message Identification (BIMI), every sender should prepare in advance. BIMI will enable brand logos to show in the inbox, which should benefit senders and (hopefully) enhance recipient engagement.

To use BIMI, you must not only have a Domain-based Message Authentication, Reporting, and Conformance (DMARC) record, but you must also be at DMARC enforcement (quarantine or reject). That being said, you shouldn’t switch to DMARC enforcement unless you’re confident that all of your legitimate mail is clearing DMARC. This is where DMARC monitoring comes into play.

DMARC Monitoring

DMARC monitoring is the practice of analyzing DMARC reports to look for unauthorized senders impersonating your domain. When you first establish a DMARC record, you enter an email address where you want the DMARC reports to be sent. The reports are helpful but difficult to read: raw DMARC reports are XML data dumps with lines of information about each email’s IP address and authentication state.

EmailAuth, a leader in zero-trust email security, offers free access to its DMARC checker tool for every customer. After you create an account, you can add your sending domain(s) and update your DMARC record so that the DMARC reports are sent to EmailAuth.

Get Started with DMARC Monitoring

Monitoring for DMARC is critical to the security of your email program. A further benefit of achieving DMARC enforcement is that you will be able to set up BIMI once it is widely deployed. In this section, you’ll discover how to use EmailAuth to monitor your DMARC records and reach DMARC enforcement.

The first step is to create your DMARC record if you haven’t already done so.

After you’ve published your DMARC record to your domain name system (DNS), the next step is to set up your free DMARC Monitor tool account.

With DMARC monitoring, you’ll be able to see which sending services are being used to send emails from your domain, the volume of emails sent from your domain, and whether or not those emails are passing SPF, DKIM, and DMARC.

Look through the sender sources and verify each one. If you don’t recognize a sender source, it’s possible that either someone else within your organization is sending email using your domain or someone is spoofing your domain, and either case can damage your reputation.

Once you’ve determined that all your valid emails are passing DMARC, you may change your DMARC record to a “quarantine” or “reject” policy, commonly known as DMARC enforcement.

Even if you switch to a “quarantine” or “reject” policy, it’s critical to keep an eye on your DMARC reports. Your sending services can change, whether due to internal issues or service updates, and you must have a mechanism in place to track these changes. This may be accomplished by checking the daily DMARC reports to confirm the authentication status of your permitted services and to detect any new services that may appear on these reports.

If you observe a service failing to authenticate, repeat the preceding steps to update the service or add the proper Sender Policy Framework (SPF) record and DomainKeys Identified Mail (DKIM) key for the allowed services. You’ll also need to delete the SPF or DKIM specs for any services that use them.

Major Takeaways

DMARC monitoring allows you to keep track of who sends emails from your domain, block unwanted senders, and move to DMARC enforcement. While not a panacea, DMARC enforcement adds additional security to your email program and allows you to deploy BIMI. A small logo of your business in the inbox may appear insignificant, but it boosts brand familiarity and helps users trust your email.
