Email Security Blog

The CMO’s Guide to Email Deliverability

Armen Najarian September 24, 2018 Email Security, Online Brand Protection

The email channel has always been the linchpin of your digital marketing operations. But a failure to use something called DMARC could obliterate your deliverability rates, your revenues—even your brand.

It’s no secret to digital-savvy CMOs that old-school email is a cutting-edge marketing team’s killer app.

But what you don’t know is something called “Domain-based Message Authentication, Reporting & Conformance” (DMARC) can have a devastating impact on the deliverability of your email marketing campaigns. Not to mention your conversions, your revenues—and even your competitive position.

After all, open rates become moot when nobody gets your email. But that’s not even the worst of it.

Yes, your automated lead gen and nurture track campaigns are no doubt legendary. Maybe you were GDPR-compliant before that was even a thing. Your list management—capture, segmentation, pruning and hygiene—may intimidate even your agency partners.

And your familiarity with the difference between shared and dedicated IP, hard and soft bounces, and other issues related to deliverability may truly be admirable. But it’s DMARC that’s emerging as a make-or-break component of your email strategy.

With that in mind, here are a few things every CMO should know now—before you’ve got a serious problem on your hands.

Battle for the Inbox

Social media, mobile apps and instant messaging may generate all the buzz at trendy marketing conferences. But you know it’s email that brings home the bacon.

The average $40 return for every $1 spent in this channel makes it second to none. And the fact that nearly 3 out of 4 consumers say email is their preferred mode of communication with the brands they know and love means email is more ascendant than ever.

There’s just one problem: Rival brands and overstuffed inboxes aren’t the only things you’re competing against these days. As it stands, 22.9 new phishing attacks impersonating trusted brands are launched every minute. Nearly one in five emails is now suspicious. And over the past five years, consumer and business losses from these brand impersonations have topped $12.5 billion

Even when you don’t know about crimes committed in your name, you can still pay a steep price. The financial damage to victims and the negative publicity generated by phishing attacks that impersonate your brand can render your own, real email campaigns toxic, if they’re even deliverable. The impact on your bottom line? Brutal.

Imposter Syndrome

Has your brand been impersonated? Today, there are really only two kinds of organizations: the 9 in 10 that know their domains have been spoofed in attacks, and the 1 in 10 that just don’t know it yet.

As ISPs and large email providers (Gmail, Yahoo, Outlook, etc.) step up efforts to stomp out phishing scams by blocking a growing number of suspect messages, deliverability is quickly becoming an existential threat to the effectiveness of your email marketing initiatives.  Get yourself blacklisted, and it sucks to be you.

To be clear, fraud isn’t the sole determinant in deliverability. Too many emails sent to unverified or out-of-date addresses only exacerbate matters. Then there’s engagement. The fewer recipients who open and respond to your perfectly legitimate messages, the more likely your subsequent emails will hit the junk folder—if they’re delivered at all.

Still, for the better part of a decade, one of the biggest factors in deliverability has been the reputation of a sender’s IP address, according to diginomica. When an IP becomes associated with phishing, it gets blocked.

As the pub points out, cyber-thieves are hip to all this, and routinely shift from one IP to another to avoid interdiction. As a result, domain reputation has been gaining importance. That’s where DMARC comes in.

DMARC Confidential

To those in the know, DMARC is an email authentication protocol for detecting and disrupting email-based brand impersonation attacks that spoof your domains. Why is it necessary? Because without DMARC, anyone can send an email from your domain.

That’s right. Because, believe it or not, email was never designed to authenticate the sender. That’s because back in the day, engineers who developed email were enamored with just getting servers to communicate with one another. Apparently focused on ease of use, they never foresaw a world where fraudsters would pose as  individuals and brands.

For years, we’ve all used email with the presumption that the From Address was legit. But then cyber defenses went up, and fraudsters gravitated to the easiest target—and the one gaping hole in most of those defenses is the lack of authentication as a standard feature in email platforms.

DMARC works with email authentication technologies already widely in use, including Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), to enable receiving email servers to check for alignment between the apparent sender and an incoming message. It also provides guidance to the server if there’s non-alignment.

To work right, domain owners must set up DMARC files for each of their domains. When set up correctly, DMARC enables receiving mail servers to detect fraudulent emails sent by attackers impersonating your domains, thus protecting consumers, businesses and your brand. First deployed in 2012, DMARC is supported by 2.5 billion email boxes worldwide, and most major brands are already onboard.

The problem: Roughly 80% of organizations that have implemented DMARC have yet to set enforcement policies, which means they’re still wide open to impersonation attacks. Don’t be one of them.

Delivering Rapid Results

By blocking fraudsters, DMARC builds domain trust, helping to boost email deliverability. In turn, growing evidence suggests that improved trust is translating into increased success for email campaigns.

The good news: DMARC is an open standard so any organization can implement it. And the same industry group behind DMARC is currently rolling out a new open standard for logo displays to further protect brands.

The bad news: Doing DMARC without automation to discover and monitor all your email servers can be challenging, to say the least.

The fact is, even moderately-sized companies can have thousands of authorized email servers. Discovering those servers, and the people responsible for managing them, can be a nightmare.

Using Agari as an example, our Brand Protection solution orchestrates and automates the task of managing DMARC across all your domains, spanning your entire email ecosystem—including outside partners who send email on your behalf.

A recent study from Forrester Research found that email conversion rates for organizations using CP in four different industries rose an average of 4% within weeks of implementation. And profit margins from those conversions surged 11%. On average, brands saw a 326% return on investment.

With those kinds of gains, a CMO might just score some marketing conference buzz of their own.

To learn more about how DMARC-based email authentication can boost email deliverability, download a FREE copy of The Total Economic Impact of Agari Brand Protection,” from Forrester Research

Agari Blog Image

May 18, 2022 Ramon Peypoch

What Is Email Spoofing and How Do You Protect Against It?

What is Email Spoofing? Email spoofing is one of the most common forms of cybercriminal…

Agari Blog Image

April 27, 2022 Monica Delyani

5 Big Myths about DMARC, Debunked

With email attacks contributing to billions of lost dollars each year, a growing number of…

Computer Showing Secure Email Server

March 9, 2022 John Wilson

Securing Your Email with DMARC

Understanding the What, How, and Why of DMARC You probably already know this, but it…

Agari Blog Image

March 4, 2022 Jessica Ellis

Top Social Media Threats Targeting the Retail Industry

Social media threats targeting enterprises more than doubled last year. Attacks on the retail industry specifically…

Laptop with multiple paddle locks with key holes

January 24, 2022 John Wilson

2022 Data Privacy Week – Education and Inspiration

As the world becomes more and more dependent on online resources to complete daily tasks,…

mobile image