A section of those emails will be sent from an email delivery platform, like Flowmailer. Some are sent from other sources, such as your email marketing solution, ERP or invoice system. With Flowmailer's domain reports, you gain insight into all these flows. Even if you're not sending them from our platform. To do so, DMARC compliance is necessary. What DMARC is, you're wondering? In this chapter, we'll show you what DMARC is and how to get compliant.
The DMARC protocol
To effectively prevent phishing from your domains, DMARC is a protocol senders use to authorize their emails. Using DMARC, the receiving party can check if a specific message has been authorized by the so-called sender and has not been changed on its way there. Three techniques are used for this:
- SPF: checks the sending party's IP address
- DKIM: checks the email's content using a cryptographic signature
- DMARC: compares SPF & DKIM with the email sender's authorization settings
Senders can opt in for reports on the DMARC compliance of their email resources. Those reports also mention any detected spammer's attempt to send spam or phishing on behalf of your company's name.
To get more grip on your email communication, there are two things our domain reports provide insights on. One is the number of parties using your company name to send emails. The other tells you if these parties are using technically correct systems to send their emails.
Getting started with DMARC and domain reporting
By creating a DMARC record with a so-called "none" policy first, you're making sure reports will come in. Email flows that are not compliant will be delivered as they were before. None (hence the name) will be lost. The presence of a DMARC record - even with a none policy - could increase your email delivery rate, since you're telling the world you are actively protecting your domains. The sole purpose of a none policy is reporting.
As soon as you created a DMARC record, DMARC reports will show up in your Flowmailer account. This will tell you what sources are mailing from your domains and if these sources are DMARC compliant. Domain reports will appear as soon as Flowmailer receives these DMARC reports. This requires registration of all your sender domains within Flowmailer. When you've configured Flowmailer's DKIM authorisation, reports are shown.