In the last couple of days, two friends from two different companies from two different cities reached out to me with a similar issue. Emails sent from their corporate accounts are getting bounced (rejected), or delivered to the spam/junk folder. The reason – there were many emails sent from these corporate email domains in the past and are identified as spam. But they claim no such emails were sent from their systems.
It seems there were a lot of spoof emails sent impersonating as these domains due to which the sender reputation of the domains took a hit. When the sender reputation of the domain is low, email providers who receive the emails from these domains deliver them to the junk folder or worse they are bounced or rejected as it is happening in one of the cases here.
These domains have DMARC enabled, but the policy is set to None. Which means even though the email providers who received the spoof emails knew they are impersonating as these domains, they had to deliver the emails due to the DMARC policy. Because of the large volume of spoof emails being received from these domains and delivered, email service providers reduced the reputation of the domain. They even started delivering genuine email received from these domains in spam/junk folders.
These companies did not monitor the DMARC reports and were not aware of the spoof email attack.
If the DMARC policy of these domains were set as Reject, the spoof emails would have been rejected keeping the sender reputation intact.
So, if you are thinking implementing DMARC does not bring any value to add to your organization, then think again. Not implementing can cripple your email communication.
Implementing DMARC is not a simple task. It is a journey. First, you need to set the DMARC policy as None to start getting the reports and then analyze them. There was this company which implemented DMARC with reject policy straightaway. Some emails sent from their third-party service provider began to bounce as they failed DMARC because the IP addresses were not present in the SPF record and the emails were not DKIM signed.
There are many organisations such as Rediff.com provide the DMARC Analysis dashboard for a subscription. These analysers parse the DMARC reports and show the IP addresses from where emails are sent on your behalf and if they are passing or failing SPF or DKIM or DMARC.
Then proper modifications can be made to the SPF and DKIM settings as needed. When all the email sent by you and your third-party on your behalf are passing DMARC, the policy can be changed to Quarantine and then Reject – the ultimate goal of DMARC journey.