A big thank you to everyone who joined us for our recent Product Tips and Tricks webinar, hosted by Kenneth Schwartzman, Wendy Bloechle, and Al Iverson, where we shared the current state of DMARC adoption, walking you through Valimail Monitor and Enforce, and answered many of your questions.
Did you miss it? If you weren’t able to attend, don’t worry! We’ve got a recording and recap below.
Brief overview of the webinar
Our webinar started with a very brief review of what DMARC is, followed by a quick explainer of why DMARC matters from both a deliverability requirements perspective and a security perspective. After an update on the latest Gmail CMC/BIMI changes, Kenneth Schwartzman took center stage and walked us through what the DMARC journey looks like, what the benefits are of Valimail Monitor and Enforce, and topped it all off with a live demo, walking through DMARC data and reporting in our platform live.
In the demo, we start by showing our map of the world, with an overview of geolocations and sources of legitimate and suspicious observed mail. We explain how we can surface up the services sending mail as your domain, how it is easy to authorize or de-authorize those sending services, and how to manage email authentication for those services, enabling you to move to DMARC enforcement quickly and easily. We talk about how to move on up from DMARC enforcement to add BIMI logo support and what alert monitoring functions are available to you, including alerts for new sending services, DMARC policy changes, new suspicious sending, and more. You can try Valimail Monitor for free.
Finally, we answered as many questions as possible during our Q&A. We won’t reproduce the ones from the video here, but please allow us to share some additional questions (and answers) that were asked during the webinar.
Webinar Q&A
Can you tell us a little about how DMARC works?
Our website provides detailed information on DMARC and email authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and more. This article specifically answers the question, “What is DMARC?”
I looked into BIMI before the trademark requirement was dropped—awesome! Certificates come with a significant cost, though. Are there better options for the certificate? Is there only one VMC provider currently?
Currently, Verified Mark Certificates (VMCs) are available from two Certificate Authorities: Digicert and Entrust. We partner with Digicert. We believe that both will also sell Common Mark Certificates (CMCs). We don’t have information on CMC pricing just yet. Stay tuned.
I signed up for your free tool a few weeks ago and have found it really helpful so far. On the “Is your Mail being delivered” report, it shows 60% of my emails “allowed through, no enforcement”, vs about 40% are “allowed through, with enforcement.” What is “enforcement” in this context?
Having a domain at enforcement means that you have a DMARC policy of quarantine or reject. Only these two policy settings will cause unauthenticated email to go to the spam folder or be rejected.
What are the complementary services we should use with Valimail?
There are just too many cool solutions for email security and deliverability to list them all. One we suggest you check out is Aboutmy.Email from Word to the Wise is a free tool that performs a suite of checks relating to email authentication, DMARC policy, updated sender requirements, and deliverability checks.
What effect does moving from DMARC=none to DMARC=quarantine or reject have on deliverability? It looks like 80% of domains have a policy set to none. I care about phishing and spoofing a lot, but I care about deliverability even more!
We care about both phishing/spoofing and deliverability and think that you should, too!
While DMARC doesn’t guarantee inbox delivery, it’s hard to get to the inbox reliably if you don’t have email authentication fully and properly configured (including SPF, DKIM, and DMARC). When it comes to policy choices, setting your domain to enforcement (meaning that you’ve published a DMARC policy of reject or quarantine) does not damage deliverability and, in fact, can help improve deliverability by preventing bad guys from spoofing your domain and damaging that domain reputation. (At the same time, enforcement protects your domain against phishing and spoofing. Falling prey to a phishing attack could be just as, or more damaging, as an email marketing deliverability failure.)
Proper DMARC implementation is a journey, where we recommend that a domain owner start with a policy of none and move up to enforcement (quarantine or reject) only after ensuring that all valid email streams have properly configured email authentication in place. If you don’t configure email authentication properly, you could be sending wanted mail that fails authentication checks. That, combined with a restrictive DMARC policy, can result in a sender accidentally telling inbox providers to reject their legitimate mail, which would be significantly damaging to deliverability success.
Can you do a deliverability webinar at some point? That would be cool too!
While DMARC is typically thought of as a security solution, it’s also a good friend of email deliverability—the two go hand in hand, and DMARC is definitely a part of deliverability success. Stay tuned, as this is on our wish list for future webinar topics.
Do you provide consultative services for startups?
We can definitely help you implement DMARC (and BIMI) properly. Please feel free to request a demo so we can discuss your specific needs.
Industry Research and Community Engagement Lead at Valimail
Al Iverson