ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Retail and Marketing

Restoring Trust in Email

May 1, 2017
Reading Time: 5 mins read

By Mark Kennedy

Despite the dominance of social media as the marketing channel of choice, email is still a fundamental pillar of communication for B2B and B2C companies. The effectiveness of email depends on the customer’s ability to trust the emails they receive—but with more than 100 billion spam messages sent out every single day, how can clients know that the genuine emails you send are really from you, and not another phishing scam?

The good news is that there is a standard that helps ensure that the emails your customers, partners, and employees receive from your domains are legitimate. It’s called the Domain Message Authentication Reporting and Conformance (DMARC) standard. And it’s been used by most major email providers, including AOL, Gmail, Hotmail, and Yahoo Mail, since 2011.

Email providers are serious about proactively protecting their users from phishing and spoofing—that’s why they got together and created the DMARC standard six years ago. Today, roughly 70% of the world’s consumer inboxes are DMARC-compliant.

The concept of DMARC can be confusing, so let’s focus on the essentials.

Email is effective only if it reaches people, is trusted by them, and is not relegated to the junk mail folder.

A lack of trust in our email communication can lead to missed sales and marketing opportunities, not to mention the reputational damage that occurs when fraudsters masquerade as your brand. What DMARC does is provide a guarantee that emails you send from your domain reach client and employee inboxes, because recipients know that the emails are indeed from you.

DMARC uses existing email identification technology to make a judgement about an email’s source.

Among other things, it looks specifically at the identifier in the From header of an email—the @domainX.com portion of an email address, for example. That’s because cybercriminals can forge the From header of an email so that it looks like it comes from a legitimate domain, when in fact, it is spoofed and really comes from someone or someplace else, likely with malicious intent.

To address that risk, the DMARC authentication standard provides information about email, so that senders can confirm to email providers that the sender’s identity matches the domain where emails should be coming from. DMARC makes sure these two items are aligned, and then gives instructions about what email providers should do when message headers don’t match up.

What happens when an email is not authenticated with a domain match?

DMARC offers three possible instructions for how email providers should respond.

1. T he first policy option is to go into “monitor” mode. In this mode, nothing about email delivery changes. The benefit of monitor mode is that it provides visibility. Organizations can see which unauthenticated messages are being sent in their name, but delivery of those emails is not interrupted.

Companies just getting their feet wet with DMARC are best to begin in monitor mode, especially if they are concerned about anything that blocks emails right off the bat. By implementing DMARC, nothing needs to change right away. Organizations will simply have more information that will enable them to make an informed decision about what to do next, especially if spammers and scammers are spoofing their brand.

Once familiarized with the protocol, banks can start to get more active in directing their email traffic.

2. The second DMARC policy option is “quarantine” mode. This instruction directs all suspicious or unauthenticated emails go to your customers’ and employees’ junk mail folder.

3. The third policy option combines the quarantine function with a “reject” function. This ensures that emails from unauthenticated servers are never received at all. This is ideal for firms that have had experience with the quarantine function, and have had visibility into who was sending emails from their domain, legitimately or otherwise. At that point, they should feel comfortable progressing to the more stringent “quarantine-reject” mode. That is to say, once you are certain that all of your servers sending emails on your domain’s behalf are accounted for, you can reject the ones that are not, so that potentially harmful emails don’t even appear in people’s junk mail folders.

How well does DMARC filter out spoofed messages?

Here are some facts and figures from DMARC.org:

  • When prominent brands like Facebook, PayPal, and Twitter implemented DMARC in 2014, they saw phishing email imitating their brand drop by 50%.
  • Twitter reported nearly 110 million messages per day were spoofing its domains prior to deploying DMARC. This was reduced to only 1,000 per day after putting in place DMARC.
  • A number of leading financial institutions adopted DMARC in 2015, including American Express, Bank of America, Chase Bank, Citibank, Discover Financial, Fidelity Investments, VISA, Wachovia and Wells Fargo.

Of course, implementing DMARC will require some cross-collaboration with your IT team. You and your IT and fraud teams will all benefit from the valuable data received from the world’s biggest email providers, and the insight of who is sending legitimate and illegitimate email from your domain.

ADVERTISEMENT

While DMARC adoption as a stand-alone tool is not a complete fraud solution, it remains the gold standard for restoring trust in email. You can check here to see if your domain currently has a DMARC record, and if not, you may want to speak to your IT department about implementing the standard.

Some more key DMARC statistics.

  • 2.5 billion mailboxes are protected by DMARC worldwide, or 70% of all mailboxes in existence.
  • There’s been a 122% increase in the number of users who have sent 100 or more DMARC reports.
  • There’s also been a 24% year-over-year increase in DMARC adoption across 1,000 top global brands.

What does the future hold for DMARC?

In February 2016, Google announced that it will provide a visual indication of whether a sender’s identity can be trusted in its Gmail interface. DMARC.org intends to take this a step further by collaborating with mailbox providers to develop a standardized indicator that visually flags messages sent to consumers that fail the authentication process. This will remove the guesswork and deliver a safer, more transparent email experience for end users by making them aware of good versus bad email that reaches their inbox.

This has implications for marketers and will drive brands to implement the latest authentication protocols more broadly in order to maintain positive subscriber engagement for their email marketing campaigns. Much of email marketing has been put at risk by the rise of spam and phishing. But as companies come to realize the benefits of not only adopting DMARC, but doing so in an active way, unwanted and dangerous emails may become a thing of the past.

Mark Kennedy is a marketing writer at Easy Solutions, Inc., a provider of electronic security and fraud prevention across all devices, channels, and clouds.

Tags: Email marketing
ShareTweetPin

Related Posts

#PracticeSafeChecks campaign wins two Telly Awards

#PracticeSafeChecks campaign wins two Telly Awards

Compliance and Risk
May 21, 2025

An ABA public education campaign warning consumers about the risks of check fraud has received two awards for video and television excellence.

Sanctions Compliance Pitfalls for Banks

How one bank’s ‘stop and think’ message slashed customer fraud losses

Compliance and Risk
May 20, 2025

What constitutes effective fraud prevention strategy? One path to success is a larger, strategic program.

FDIC: Number of unbanked households drops to new low

Kansas City Fed economist: Bank On may have reduced unbanked rates

Community Banking
May 19, 2025

An increase in the number of financial institutions offering Bank On-certified accounts may have contributed to the decline in unbanked households by lowering barriers to account ownership, according to new research.

Bank marketers double down on AI

Bank marketers double down on AI

Retail and Marketing
May 19, 2025

Bank marketers will continue to test the AI waters and find efficiencies and scale.

CFPB proposes to regulate large nonbanks in personal loan market

Survey: Customer satisfaction with personal loans holds steady

Mortgage
May 16, 2025

Overall customer satisfaction with personal loans has remained largely flat, according to J.D. Power’s 2025 U.S. Consumer Lending Satisfaction Study.

Directors Briefing: Millbury National Bank marks 200 years  of independence with CEO transition

Directors Briefing: Millbury National Bank marks 200 years of independence with CEO transition

Directors Briefing
May 14, 2025

“Millbury National has always been about serving our community, and that will never change.”

NEWSBYTES

#PracticeSafeChecks campaign wins two Telly Awards

May 21, 2025

Proposed amendment would add credit card rate cap to Senate stablecoin bill

May 21, 2025

ABA, associations urge senators to reject adding credit card routing mandates to stablecoin bill

May 21, 2025

SPONSORED CONTENT

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025
AI for Banks: A Starter Guide for Community and Regional Institutions

AI for Banks: A Starter Guide for Community and Regional Institutions

March 1, 2025

PODCASTS

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025

How a Georgia community bank supports government-guaranteed lending nationwide

May 1, 2025

Podcast: Quantum computing’s shakeup in payments, cybersecurity

April 24, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.