DMARC stands for Domain-based Message Authentication, Reporting and Conformance.
It is an email validation system that protects you from spammers and hackers by not allowing them to send out unauthenticated emails from your company domain thus protecting your brand and customers.
Here is a good example of why you should implement DMARC. Imagine that spammers pretended to be representatives of PayPal and sent you an email from PayPal email address. Would you answer that email and send them the requested information? Even the sensitive one? DMARC will help you to make the right decision. Thanks to DMARC, such forged messages appearing to come from PayPal will be blocked and either immediately removed or marked as spam.
How it works
In order to set up DMARC you will need to adjust some DNS settings. After that mailing service will check whether the email is original or it is an unauthenticated fraudulent message sent from your domain. Mail services work fine with the proper setup DMARC policies.
How to set up DMARC for email notifications in your store
To send out customer and admin notifications uses the Postmark service. Our colleagues from Postmark have a great illustrated instruction on how to set DMARC policies.
In a nutshell, you will need two protecting mechanisms:
- DKIM (Domainkeys Identified Mail) that authenticates emails with help of a secret key;
- SPF (Sender Policy Framework) that checks whether the mail server may deliver emails from your domain.
You can learn more about both methods in the above article by Postmark.
Setup of DMARC policies in the store includes several steps — you will need to add several DNS records for your domain.
This instruction is necessary only to those merchants that would like to use DMARC to secure their domain’s emails and gain control of their email delivery. If you don’t want to set up DMARC policies for some reason, you won’t need to add any extra DNS records and settings as your email notifications will be sent out as usual.