DMARC and Email Deliverability

A retail client recently approached us with a challenge: can Macktez help them to deliver 3-5 million emails a month to verified subscribers from multiple platforms without getting tagged as spam?

Why is that so hard? Well, a lot has changed in the world of technology in the past four decades, but the current protocols for sending and receiving email, solidified in the 1980s, have not.

That leaves a lot of room for mess, misuse, and misunderstanding for those of us trying to separate the signal from noise in our own inboxes as well as for organizations that rely on large email campaigns to reach their customers and drive business.

Google and Microsoft in particular have been attacking that first problem aggressively, flagging email they recognize as spam or phishing attempts and encouraging users to take cybersecurity seriously.

But what about organizations like our retail client that legitimately need to send a high volume of email, want to make sure that email is delivered, and want to make sure that no one is sabotaging their online identity with spoofs and malicious content?

The answer involves a number of acronyms and backend services as well as continued human attention to manage and monitor configuration changes. The tools involved are useful for any organization concerned with its online reputation, but especially impactful for any with high-volume email requirements.


First, the acronyms:
– SPF (Sender Policy Framework) is a protocol for letting the world know what outgoing mail servers are allowed to send email from your domain.

– DKIM (DomainKeys Identified Mail) is a protocol that proves an email that says it came from your outgoing mail server really did.

– DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a protocol that leverages SPF and DKIM to produce detailed reporting on all email associated with your domain name, and then lets you send specific instructions to recipients’ mail servers about what to do with invalid email.

Configured properly, used together, and then monitored and adjusted over time, these tools can greatly reduce cybersecurity risks and increase deliverability for legitimate email. (We include these tools and services in Macktez Domain Management as a monthly subscription.)

When your company receives all its email through Google, for example, but sends email using Mailchimp, SPF, DKIM, and DMARC all need to be used together to ensure that the Mailchimp email isn’t flagged as spam.

Our big retail client is using several marketing and retail services to send 3-5 million emails per month on the company’s behalf. The sheer number of emails sent requires a careful application of policy to make sure they reach their intended audience, and each of the services used to send email needs to be incorporated into the DMARC policy and monitored.

Macktez spearheaded the Domain Management project with our client. First, we confirmed or established correct SPF and DKIM records for every service our client uses to send email. Then we wrote a DMARC policy that at first collects information on all email alleging to come from our client’s domain.

Once we had enough data, we worked closely with several key members of the client’s staff to make adjustments and additions to the DMARC policy. Then we slowly adjusted the percentage of invalid emails that DMARC would instruct recipient mail servers to quarantine or reject outright. This part of the process needs to be done incrementally and with ongoing attention to make sure that the policy is being applied correctly. It’s important not to rush this, or else you run the risk of legitimate emails getting blocked.
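The data-gathering step above relies on DMARC aggregate reports, which receivers send as XML in the RFC 7489 format. The following added example (not Macktez's tooling) tallies DMARC pass and fail counts per sending IP so that failing sources can be reviewed before the policy is tightened; the report, domain, and IP addresses are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report (RFC 7489 format); domain and IPs are
# documentation placeholders, not data from the case study.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>none</p><pct>100</pct></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>4200</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>900</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.66</source_ip><count>35</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(report_xml):
    """Return {source_ip: {"pass": n, "fail": n}} of DMARC results per sender."""
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        ev = row.find("policy_evaluated")
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        ok = ev is not None and "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        totals[ip]["pass" if ok else "fail"] += count
    return dict(totals)

def failing_sources(summary):
    """Sources with any DMARC-failing mail: either a legitimate service whose
    SPF/DKIM still needs fixing, or unauthorized mail the policy should catch."""
    return sorted(ip for ip, t in summary.items() if t["fail"] > 0)

def pass_rate(summary):
    """Fraction of all reported messages that passed DMARC."""
    passed = sum(t["pass"] for t in summary.values())
    total = passed + sum(t["fail"] for t in summary.values())
    return passed / total if total else 0.0

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"DMARC pass rate: {pass_rate(s):.1%}")
    for ip in failing_sources(s):
        print("review before tightening policy:", ip, s[ip])
```

Aggregate reports come from external mail receivers, so treat them as untrusted input; a hardened parser such as defusedxml is a reasonable substitute for the standard-library parser used here.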


Within the first two months we could confirm through DMARC reporting that the number and percentage of sent emails that were delivered properly had gone up. Two more months of monitoring and policy adjustments showed that percentage continuing to increase, with authentic messages being delivered as intended while illegitimate messages (spoofing attempts of the domain sent from non-authorized servers) were consistently flagged.

This allowed our client to feel secure and confident that its marketing and sales emails were properly reaching its customers, and that any malicious attempts to subvert its stellar domain reputation were being blocked.

Our client’s marketing, sales, and customer experience teams benefit from the confidence that their emails are being sent with proper authentication and are being received by their customers without issue, while their customers get added security of knowing that spoofing attempts appearing to come from this company won’t even make it to their inbox.
