As of February 2024, Gmail and Yahoo require bulk senders (e.g. marketing mass emails using tools like Mailchimp) to have a DMARC policy in their website domain. Emails must pass DMARC alignment and meet various standards. This change is aimed at improving email security and reducing spam, as per this guide.
For charities, this means that if you send mass emails out regularly including to Gmail or Yahoo addresses, you will need to ensure that you have a DMARC policy in place. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email authentication protocol that is designed to give email domain owners the ability to protect their domain from unauthorized use, or “spoofing.”
The DMARC protocol allows a sender to indicate that their emails are protected and secure, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent and harmful messages.
Implementing DMARC can help protect your charity’s reputation and ensure that your emails are delivered to your supporters’ inboxes. It can also help reduce the risk of your emails being marked as spam or being blocked by email providers.
How to implement DMARC
Introducing DMARC at your charity involves several technical steps which are outlined below. Smartdesc provides DMARC as a Service for charities from start to finish at an affordable rate.
- Monitor: Start by setting up a DMARC record in your DNS with a policy of “none.” This will allow you to monitor your email traffic and see which emails are passing or failing DMARC checks without impacting your email delivery. You can use this information to identify any issues with your email authentication and make any necessary changes.
- Quarantine: Once you have monitored your email traffic and made any necessary changes to your email authentication, you can update your DMARC policy to “quarantine.” This means that emails that fail DMARC checks will be sent to the recipient’s spam or junk folder instead of being delivered to their inbox.
- Reject: Finally, once you are confident that your email authentication is set up correctly and your legitimate emails are passing DMARC checks, you can update your DMARC policy to “reject.” This means that emails that fail DMARC checks will be rejected and not delivered to the recipient.
It is important to note that implementing DMARC is an ongoing process and requires regular monitoring and maintenance to ensure that your email authentication is set up correctly and your emails are being delivered to your supporters’ inboxes.
Click here to download our DMARC Service Sheet for more information, and please do get in touch if you would like to find to find out how we can quickly and affordably implement and manage DMARC for you.
