One basic email security fix is an effective weapon against phishing attacks on your SMB. It also protects your company’s brand and reputation by stopping scammers from imitating (or “spoofing”) your company’s email addresses to launch phishing attacks or spam campaigns.
It’s called DMARC (Domain-based Message Authentication, Reporting & Conformance).
DMARC isn’t a product; it’s an email authentication tool. It includes a set of rules you can program your email system to follow for all emails sent from your company. Chances are you’re probably not using it. Less than 18% of U.S. companies surveyed in 2019 had implemented it.
A sample from the 2019 survey by 250ok, showing how many organizations still aren’t using DMARC:
I’ll get more into the technical stuff later, but first, here are the main benefits your SMB can get from setting up DMARC:
5 Main Email Security Benefits Your SMB Can Get From Setting up DMARC:
How Does This Basic Email Security Tool Work?
DMARC — and email authentication in general — is very complicated, but basically, DMARC is a set of instructions from email senders to the servers that receive emails. DMARC code prompts the receivers to test for certain authentication settings that you’ve set up for your domain.
You can configure DMARC to tell the receiver servers what to do with emails that fail the test:
1. Send them through to recipients for now, but monitor it
2. Direct them to the recipient’s spam folder
3. Don’t deliver them at all
How to Implement DMARC
The best way to create a DMARC record for your domain depends on how your company uses email, and how much you want to get out of DMARC’s capabilities. Consider these three options:
Set Up DMARC Yourself
Set It up Through an Experienced Vendor
If you work with a general IT services provider, find out whether email authentication, including DMARC, has been set up for your company. When I’m working with a new TechGen client, I look at the firm’s email authentication settings and recommend adjustments if necessary.
If you have more than a few employees and you use email extensively — especially if you use a vendor or two that sends emails on your behalf — it’s best to have expert assistance.
For some excellent articles, videos, and presentations about DMARC, go to DMARC.org.
Have a Vendor Set It up and Monitor It for You, if Necessary
Once DMARC is enabled on your domain, you can get reports from most major email providers that show you all sources of email from your domain. Some external sources may have your permission, such as a marketing partner. Other sources may be bots or criminals.
Monitoring DMARC reports makes full use of this powerful tool. It especially makes sense if your SMB depends on extensive email marketing campaigns.
If you don’t have the in-house expertise to run and interpret DMARC reports, you can work with a vendor.
Send Only Emails the Recipients Want and Trust
It’s critical for the people and businesses you email to trust that they’re not receiving harmful or unwanted content from your company. And once you’ve lost an email recipient’s trust, you may never get it back.
That’s why it’s worth your time to at least look into DMARC and other methods of email authentication.