What is DMARC and DKIM?


Put simply, SPF, DKIM and DMARC are ways to authenticate the mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send email. When properly set up, all three prove that the sender is legitimate, that their identity has not been compromised. a

These antispam measures are becoming increasingly important, and will one day be required by all mail services and servers. ISPs and mail services, such as Gmail and Office 365, are getting more and more stringent in the types of email they’ll accept, so having all three checks configured ensures that email gets delivered and isn’t rejected outright or otherwise delayed.

DKIM

DKIM is an acronym for “DomainKeys Identified Mail”. It’s also known as “email signing”. Just like an SPF record, DKIM is a TXT record that’s added to a domain’s DNS. And if SPF is like a return address on a letter, DKIM is like sending that letter via Certified Mail as it further builds trust between the sending server and receiving server. That’s because DKIM’s intent is to prove that the contents of an email message haven’t been tampered with, that the headers of the message have not changed (e.g., adding in a new “from” address) and that the sender of the email actually owns the domain that has the DKIM record attached to it. (Or is at least authorized by the owner of the domain to send emails on their behalf.)

DMARC

DMARC is an acronym for “Domain-based Message Authentication, Reporting and Conformance”. It’s an email authentication, policy and reporting protocol that’s actually built around both SPF and DKIM. It has three basic purposes:

  1. It verifies that a sender’s email messages are protected by both SPF and DKIM,
  2. it tells the receiving mail server what to do if neither of those authentication methods passes, and
  3. it provides a way for the receiving server to report back to the sender about messages that pass and/or fail the DMARC evaluation.

Since DMARC uses both SPF and DKIM, you may wonder why it’s even necessary. Well, it’s simple: DMARC basically builds on SPF and DKIM to ensure that, when an email is received, the information contained in both records matches the “friendly from” domain (e.g., me@my-domain.com) that the user actually sees and the from address that’s contained in the message’s header. This is what the folks at Dmarcian, a company founded by one of the primary authors of the DMARC specification, call “Identifier Alignment.”


Due to the nature of email servers and configurations required by both clients and Distribion, a DMARC compliant Distributed Marketing Platform (DMP) is not setup by default. If DMARC compliance is required, Distribion will need to setup a custom DKIM for the DMP.


Requirements and Steps:

  • Distribion will need to know the domain that the DKIM key will use to sign emails
  • Distribion will use the domain to create a new custom DKIM and provide this to the client to submit into their respective DNS servers
  • After confirming the the DNS servers are configured appropriately, Distribion will reconfigure the DMP to use the specified domain that will have its own custom DKIM.

Not all email marketing systems are the same and may require extra steps and/or services to successfully apply DMARC compliance.


For more information please reach out to your Account Manager