Marketing’s Weekly Dose of the Truth

Okay Marketers: Less Whining, More Doing

1/29/13

By Ken Magill

Finding out that just three of America’s top 100 retailers have published DMARC records and that 77 of them do not fully authenticate their domains wasn’t remotely surprising.

But it was a little infuriating.

Marketers are forever complaining that email inbox providers don’t treat their permission-based mail fairly.

And to some degree I have sympathized. But not today.

Almost exactly a year ago, some of the biggest brands on the Internet unveiled DMARC to combat phishing.

Those brands were leading email providers AOL, Gmail, Hotmail and Yahoo! Mail; some of the most highly phished brands, including Bank of America, Fidelity Investments, PayPal, American Greetings, Facebook and LinkedIn; email security concerns Agari, Cloudmark and Trusted Domain Project; and email intelligence firm Return Path.

Non-financial-services email marketers apparently responded to the scheme’s unveiling with the industry’s version of crickets.

I’m no expert on email security, but it seems to me that if the tools to help combat email fraud are readily available and—so I’m told—easily implementable, companies that have financial relationships with the people to whom they send email should implement them.

Rather than grousing about the collateral damage we suffer, we should be helping solve the problem.

Imagine what the ISP abuse desk folks are thinking: “These jackwads won’t lift a finger to help us identify fraudulent email. So why should we give a crap about them?”

Even marketers who don’t think their brands are phishing targets should take the steps to help ISPs isolate fraudulent messages.

Helping ISPs fight fraud helps all of us. On a more personal note, helping ISPs fight fraud also helps decrease the odds Granny’s going to get her bank account cleaned out.

Help protect Granny. Authenticate your domains and publish a DMARC record asap.

Comments

Posted by: Steve Henderson
Date: 2013-02-05 10:55:28
Subject: ...but DMARC is broken by design

DMARC, as far as I have found, treats a forwarded email and a fraudulent email as an SPF failure. Forwarding email is not exactly uncommon or suspicious (students re-routing their college emails to Hotmail, or people with multiple email accounts using a single email client to read their emails). I was a DMARC early adopter but started to see all sorts of nonsense in my rua/ruf reports, showing too many false positives for legitimate email for me to roll out DMARC across my other domains. DMARC does not seem to deliver on its promises.
