DMARC and domain alignment in email marketing: Trust is the best starting point
October 2019 by Certified Senders Alliance (CSA)
Not everything on the Internet goes well. Spam, phishing, man-in-the-middle attacks, spoofing: the list of bad actors on the net and their sophisticated methods is long. In almost all cases, the vehicle is a medium that we all use on a daily basis: e-mail. For understandable reasons, cybercriminals do not use their own identity as a sender. Instead, they like to use reputable companies and brands, often banks, payment services, online shops or delivery companies. In principle, any brand can be affected.
The traps are so numerous, and suspicion so high, that many Internet service providers (ISPs) check an email very carefully before forwarding it to their customers, the recipients of the email. Small ISPs in particular even reject all incoming emails and send back a bounce code, hoping that serious senders will make a second attempt at delivery (greylisting). Other ISPs require email senders to implement authentication measures or to be certified on a whitelist (e.g. with the Certified Senders Alliance, CSA) before they deliver emails.
This is a problem for brands, because they have a strong interest in their email actually reaching the recipient. Trust is the best entry point with ISPs. If an ISP classifies an e-mail sender as trustworthy, it is very likely that the e-mail will be delivered to the inbox. This trust, which Tobias Herkula, Manager Anti Spam Research Team at Cyren, calls "computational trust", needs to be earned first. That is where domain alignment comes into play. Domain alignment means that the domains used in SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) must correspond at least partially to the domain of the From address of the mail. SPF and DKIM are common specifications for email authentication, and the From address is the email address that is displayed to the recipient as the sender address. In simple terms, in a conventional paper letter, the sender's address on the envelope, the sender on the letter and the signature under the letter would match. This should go without saying: would you trust a letter with different addresses on the envelope and the letter?
However, it is not quite as simple with emails, as many marketers rely on external e-mail service providers (ESPs) for their mailings. At that point, the From address in the mail header and the physical address no longer match, and domain alignment is no longer given. In such a case, Sebastian Kluth, Technical Director of the Certified Senders Alliance (CSA), advises the domain holder to use a subdomain for sending via a messaging service provider, for which alignment is then easier to set up. If this domain alignment is given, it brings a certain degree of trust with ISPs.
Domain alignment is also a mandatory prerequisite for the implementation of Domain-based Message Authentication, Reporting and Conformance (DMARC), another authentication procedure supported by many large ISPs such as AOL, Microsoft or Google. DMARC is based on the common SPF and DKIM specifications and makes emails clearly identifiable to ISPs. In addition, the sender (the brand) can determine how the ISP should handle emails that appear to come from it.
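The alignment comparison described above can be sketched as follows. This is an added example, not code from the CSA or any ISP; it goes slightly beyond the text by showing both the relaxed ("at least partially") and the strict comparison that DMARC defines. All domains are constructed, `PUBLIC_SUFFIXES` is a toy stand-in for the real Public Suffix List, and the function names are hypothetical.

```python
# Added example: DMARC identifier alignment (RFC 7489, section 3.1).
# All domains below are constructed; PUBLIC_SUFFIXES is a tiny stand-in
# for the real Public Suffix List, which a production check would load.
from email.utils import parseaddr

PUBLIC_SUFFIXES = {"example", "com", "co.uk"}  # assumption: toy suffix list


def org_domain(domain):
    """Return the organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to two labels


def aligned(from_domain, auth_domain, strict=False):
    """Strict: exact match. Relaxed: same organizational domain."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)


def check_alignment(header_from, spf_domain, dkim_d, strict=False):
    """Compare the visible From domain with the SPF and DKIM domains.

    spf_domain is the envelope sender (MAIL FROM) domain that passed SPF;
    dkim_d is the d= domain of a DKIM signature that verified.
    """
    from_domain = parseaddr(header_from)[1].rpartition("@")[2]
    spf_ok = aligned(from_domain, spf_domain, strict)
    dkim_ok = aligned(from_domain, dkim_d, strict)
    # DMARC needs at least one aligned, passing mechanism.
    return {"spf": spf_ok, "dkim": dkim_ok, "dmarc": spf_ok or dkim_ok}


# Brand sends through an ESP that uses its own domains: nothing aligns.
via_esp = check_alignment("Shop <news@brand.example>",
                          "bounce.esp-mail.example", "esp-mail.example")
# Brand delegates a subdomain to the ESP: both mechanisms align (relaxed).
via_subdomain = check_alignment("Shop <news@brand.example>",
                                "bounce.mail.brand.example", "mail.brand.example")
# The same setup under strict alignment fails: subdomain != From domain.
strict_mode = check_alignment("Shop <news@brand.example>",
                              "bounce.mail.brand.example", "mail.brand.example",
                              strict=True)
```

The function assumes SPF and DKIM have already passed for the given domains; alignment alone does not authenticate a message.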
Conclusion: For e-mail marketers, a good reputation and therefore reliability are extremely important, as they have a direct influence on the deliverability of e-mails. By implementing the DMARC protocol and aligning the associated domains, brands can ensure that their identity is not abused and their reputation is not seriously damaged. Email marketers should therefore discuss DMARC with their email service provider.