You configured all your email senders. SPF, DKIM and DMARC seem to be well-tuned. Email compliance appear to be good. Email is being delivered and most email appears to make it to your customers’ inboxes. Open rates look reasonable. You’re done, right?
Steps to a “Complete” Email Delivery posture
To get to an optimal email delivery posture, you need to finely tune the components of your email senders.
- Identify all your email senders. Who is sending email on behalf of your domain? This may sound trivial, but it’s not. IT setup your main outbound servers, but is Marketing using Marketing Automation, Sales using a CRM, or Order Management a separate Invoicing and Order Fulfillment system?
- Include all your senders in your SPF. If not, most inbox providers will automatically deny your email. Google, Office365, Yahoo! and many other inbox providers automatically refuse email if the sending domain’s SPF record does not include the sending servers.
- Setup DKIM on all your email senders. DKIM allows you to cryptographically sign your emails so recipients know they are from you.
- Setup a DMARC record and direct RUA and RUF to a service, like MxToolbox’s Delivery Center, that can analyze and provide feedback on DMARC compliance.
- Monitor DMARC compliance across your senders. This may mean revisiting steps 1, 2, 3 & 4 as you discover new senders or the configurations need updating.
- Gradually change your DMARC policy from None to Quarantine to Reject. Stricter policies will help prevent fraud and phishing using your domain which will improve your overall email deliverability.
I’m at a Strict DMARC Policy, I’m done. Right?
Nope! Strict policies will help prevent fraud and phishing using your domain, but this can also deny legitimate email from new or misconfigured sources.
You need to have an on-going maintenance plan.
- Regular monitoring of SPF, DKIM and DMARC configurations. If your senders change their configurations, it can cause issues with your email delivery.
- Regular monitoring of your senders blacklist status. If you or your senders are blacklisted, then your email will be blocked before ever reaching an inbox.
- Regular monitoring of SPF, DKIM and DMARC compliance rates. A low compliance rate means that legitimate email may be blocked.
- Adoption of new technologies as they arise. For example, BIMI, ARC or VMCare beginning to be adopted by inbox providers and email senders.
- Regular monitoring for new email senders. Some of these may be emerging threats to your brand while others may be legitimate senders adopted by other departments without your knowledge.