In January 2012, 15 email services providers, financial firms and message security companies—including AOL
Inc., Microsoft Corp., Return Path and Yahoo Inc.—founded DMARC.org, a working group to create standards to reduce the threat posed by phishing, spam and other messaging abuses. However, seeing low industrywide adoption rates, marketers may wonder why it's important to implement the standards now. Ralph Lentz, chief revenue officer at messaging technology provider Message Systems (who is also a member of the Online Trust Alliance board), said embracing the standards are important because they form a framework that's been widely adopted by the email-receiving community. "If you're a marketer, these companies—Yahoo, [Microsoft], Gmail and AOL—are the gatekeepers that provide you with access to a large segment of your customer base. Marketers who ignore DMARC do so at their peril," he said. The DMARC specification (Domain-based Message Authentication, Reporting and Conformance) is designed to thwart phishers and criminals by allowing senders and recipients to exchange email authentication among each other. In October, DMARC.org announced the standards had been adopted by a number of additional companies, such as Constant Contact, Contactlab and dotMailer. Microsoft late last year also added DMARC to its Outlook.com service. Today, when users get an email from a sender that supports DMARC, Outlook flags that message with a "trusted sender" logo verifying that it is legitimate. This is significant for both b-to-b and b-to-c marketers, Lentz said. "Bringing consumers into the fold in this way could raise public awareness considerably around email security concerns and create incentives among the sender community to increase adoption [of the standards]," he said. "If you're a bank, retailer, publisher or any kind of brand, do you want your email to be the only messages in your customer's inbox not flagged as DMARC-secure?" Implementing the standard does take a little work, Lentz said. "If you're a marketer working with an email service provider or marketing automation company, go ahead and inquire about what kind of plan or timeline your service provider has in place for DMARC adoption," he said. "If you have an in-house sending capability, you'll want to consult with your operations or system administration managers to find out the feasibility of implementing DMARC."