Why You Need DMARC — Even If You Have SPF and an SEG

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a fairly new internet standard and to some, it’s not quite clear where it fits in — or if it’s even needed. Two of the most common reasons for not using DMARC are “We already have SPF,” and “Our SEG already does this.”  

In these two quick videos, our industry experts discuss how DMARC builds on SPF (Sender Policy Framework) and how it provides layered protection when paired with an SEG.

These videos are part of our Why’s Up series — a collection of short, 1-2 minute videos in which Valimail’s experts explain the basics of email and email authentication. Subscribe today!

Let’s start with SPF and why this Internet standard alone cannot provide impersonation protection.

SPF uses a whitelist to manage approved senders, which means that only mail from whitelisted senders will authenticate with SPF authentication. But SPF uses the domain from a message’s Return-Path for authentication, not the "From:" address that humans actually see.

As the first standard for domain-based authentication, this is an important cornerstone (and a critical piece) of email authentication but leaves a critical piece of the email header open to impersonation. That’s where DMARC comes in.

Industry veteran and Valimail Director of Industry Initiatives Seth Blank explains:  

So, why do you need email authentication AND an SEG?

The short answer is that email authentication and an SEG do something similar: They both are designed to ensure that mail that gets delivered is safe for your end user.

However, to achieve this goal, they use two separate techniques. An SEG filters messages based on content, while email authentication identifies and verifies the sender.

William Stephens, Valimail’s VP of Product, covers the topic:  

Interested in learning more about email authentication? Check out the full YouTube series, Why’s Up: Answering the “Why’s” of email authentication.