Using DMARC For More Than Spoofing and Phishing

By now you’ve probably heard me talk about DMARC more than once here on EmailKarma.  You’ve maybe even seen one of the many reports I’ve written about it for 250ok, like this latest one ‘Multi-Industry DMARC Adoption 2018‘. But what if I also told you DMARC is more than just a tool for finding out if your brand is being phished or spoofed, or your authentication is broken?

DMARC can also be used to audit your brands sending inventory, if you have internal infrastructure not under your IT’s control. Understanding if there are abandoned automation tools running or if you have staff operating outside of your standard marketing channels is critical to truly understanding your sending practices. DMARC also helps with email delivery, reputation and overall marketing performance of email messaging.

DMARC reporting can also be used as a way to validate and audit your own mailings for compliance with anti-spam laws like Canada’s Anti-Spam Law (CASL) and GDPR. Knowing where all your email originates from is a great starting point to ensure your templates have all been upgraded to include the proper postal addresses, contact information and functional unsubscribe links.

See the example below from a recent event:

Turn on DMARC to see who really sends mail on your behalf. One client of @inboxpros thought they were using 3 ESPs, the DMARC reports showed that there were 18 ESPs sending for them. #foe2018— Mike Hillyer (@MikeHillyer) August 7, 2018

Part of your compliance efforts depend on documenting your legitimate behaviours and being able to distinguish them from illegitimate activities being carried on in your brand’s name. By implementing DMARC, reviewing and updating your authentication, segmenting your mail streams by subdomains and monitoring the activities you can stay ahead of compliance efforts. This is also a great way for compliance teams to understand the legitimate mailing patterns of a business and look for traffic that is abnormal of out of the ordinary in a proactive manner.

Author: Matt V - @emailkarma

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (Canada) (CIPP/C) with nearly two decades of experience in email marketing. Matthew is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee. Matthew was recognized as the 2019 eec thought-leader of the year.

Share This Post On


  1. The Top Email Marketing Influencers to follow in 2019 - The Ultimate List - […] Using DMARC for more than Spoofing and Phishing […]

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.