Suped

Should ESPs force DKIM and DMARC on paid customers, and what are the implications and downsides?

Summary

The consensus is mixed on whether ESPs should mandate DKIM and DMARC for paid customers. While email authentication protocols like DKIM, DMARC, and SPF enhance deliverability and security by preventing spoofing and phishing, forcing their implementation presents challenges. Increased onboarding friction and technical complexity are significant concerns, particularly for small businesses and less technical users. DMARC's impact on mailing lists is another key consideration, as it can disrupt their functionality. The costs of implementation should also be acknowledged, as should the fact that some businesses monetise DMARC.

Key findings

  • Improved Security & Deliverability: DKIM, DMARC, and SPF enhance email security and improve deliverability.
  • Increased Onboarding Overhead: Forcing DKIM/DMARC can increase the initial setup burden, especially for non-technical users.
  • Technical Complexity: Implementation can be complex and creates barriers for some users.
  • Negative Impact on Mailing Lists: DMARC can negatively impact mailing list functionality and delivery.
  • Increased Implementation Costs: Forcing implementation increases costs for both the ESP and the user.

Key considerations

  • User Support & Education: Offer comprehensive support, simplified tools, and educational resources to ease the transition.
  • Tiered Service Options: Consider offering tiered service options to accommodate varying customer needs and technical expertise.
  • Potential Delivery Issues: Carefully configure DMARC policies to avoid blocking legitimate emails.
  • Mailing List Compatibility: Address potential impacts of DMARC on mailing lists and consider alternative solutions.
  • Cost Implications: Acknowledge and address the increased costs associated with implementing and supporting these protocols.

What email marketers say

11 marketer opinions

The question of whether ESPs should force DKIM and DMARC on paid customers elicits varied opinions. Mandating these protocols is generally seen as beneficial for improving email deliverability, enhancing sender reputation, and reducing the risk of spoofing and phishing, but the approach also presents challenges. These include increased onboarding friction, particularly for smaller businesses or clients with limited technical expertise. Some suggest offering tiered support, simplified implementation tools, and comprehensive educational resources to mitigate these difficulties. Incorrect implementation can also cause delivery problems for transactional and marketing emails, and implementation raises costs for users.

Key opinions

  • Improved Deliverability: DKIM and DMARC significantly improve email deliverability and sender reputation.
  • Security Benefits: These protocols help prevent spoofing and phishing attacks, benefiting both ESPs and customers.
  • Onboarding Challenges: Mandating DKIM/DMARC can increase onboarding friction, especially for less technical users.
  • Technical Complexity: Implementing DKIM, DMARC, and SPF can be complex, creating barriers for some users.
  • Implementation Costs: Implementing these protocols can increase costs for the user and for the ESP that supports the implementation.

Key considerations

  • Tiered Support: Consider offering tiered support and pricing models to accommodate diverse customer needs.
  • Simplified Tools: Provide simplified implementation tools or guides tailored to different technical skill levels.
  • Educational Resources: Offer comprehensive assistance and educational resources to ease the transition.
  • Potential Delivery Issues: Acknowledge and mitigate potential delivery problems for transactional/marketing emails due to incorrect implementation.
  • User Expertise: Many users lack the expertise to manage DNS, SPF, or DMARC settings, and misconfiguration can cause major issues.

Marketer view

Email marketer from Email on Acid shares that while mandating DKIM and DMARC improves security and deliverability, ESPs should consider offering tiered support and pricing models to accommodate diverse customer needs. Some clients may require more hands-on assistance, while others may prefer self-service options.

22 Apr 2023 - Email on Acid

Marketer view

Email marketer from Reddit shares that mandating DKIM/DMARC could create hurdles for certain clients, particularly those lacking technical knowledge or those using third-party services that may not fully support these standards. They recommend offering comprehensive assistance and educational resources to ease the transition.

10 Jul 2021 - Reddit

What the experts say

12 expert opinions

Forcing DKIM and DMARC on paid ESP customers presents a complex scenario. While it aligns with current trends and improves an ESP's setup, there are significant implications and downsides to consider. Requiring customers to authenticate their domains increases onboarding overhead. DMARC can also negatively impact mailing lists, causing delivery problems, breaking functionality, and creating complexity. That complexity is a downside, particularly for end-users and those with less technical experience, and DMARC is being pushed by companies that make money directly from it.

Key opinions

  • Increased Onboarding Overhead: Forcing DKIM/DMARC increases the initial setup burden for customers.
  • Mailing List Problems: DMARC interacts poorly with mailing lists, potentially causing delivery issues and breaking functionality.
  • Technical Complexity: DMARC setup can be challenging, especially for end-users and those with less technical experience.
  • Negative Impact on Indirect Mail Flows: DMARC breaks indirect mail flows, affecting how email is used by real people.
  • Business Motivations: DMARC is being pushed hard by companies who are making money directly off the complexity of it.

Key considerations

  • Domain Purchase Requirements: Consider whether customers are forced to buy domains to comply with DKIM/DMARC requirements.
  • Mailing List Handling: Address the potential impact of DMARC on mailing list delivery and functionality.
  • Ease of Implementation: Balance security benefits with user experience, and simplify DMARC setup for end-users.
  • DMARC Policy Impact: Consider the effects of DMARC quarantine/reject policies on legitimate email delivery.

Expert view

Expert from Email Geeks warns that DMARC with a policy statement of quarantine or reject can cause delivery problems and issues with mailing lists, including replies off-list and sender identification.

31 Oct 2024 - Email Geeks

Expert view

Expert from Email Geeks explains that if your employer has published a DMARC record and you send mail to a mailing list then you are violating DMARC policy for all the receivers of that mailing list. They won’t see your mail - and if they reject it you’ll be bounced off the list.

16 Aug 2024 - Email Geeks

What the documentation says

4 technical articles

DMARC, DKIM, and SPF are key email authentication methods. DMARC uses DKIM and SPF to authenticate, allowing domain owners to specify how recipient servers should handle unauthenticated emails, thus preventing spoofing. DKIM adds digital signatures for verifying sender authenticity and message integrity, while SPF specifies authorized mail servers for a domain. Enforcing these protocols provides comprehensive authentication but requires careful setup, monitoring, and key management. For high-volume sends, DMARC is a necessity.

Key findings

  • DMARC Authentication: DMARC relies on DKIM and SPF for email authentication and helps prevent spoofing.
  • DKIM Signature: DKIM adds a digital signature to emails to verify sender authenticity and message integrity.
  • SPF Authorization: SPF specifies authorized mail servers for a domain, helping prevent unauthorized sending.
  • High-Volume Send Requirements: For high-volume sends, DMARC, DKIM, and SPF are requirements.

Key considerations

  • Setup Complexity: Requires careful setup, monitoring, and key management to avoid blocking legitimate emails.
  • SPF Limitations: SPF alone doesn't provide the same level of protection as DKIM and DMARC combined.
  • High-Volume Sends: When sending high volumes of email, DMARC, DKIM, and SPF are requirements.

Technical article

Documentation from RFC Editor explains that DMARC relies on DKIM and SPF to authenticate email. DMARC policies allow domain owners to instruct recipient mail servers on how to handle unauthenticated emails (e.g., quarantine or reject). This helps prevent email spoofing, but requires careful setup and monitoring to avoid legitimate emails being blocked.

14 May 2024 - RFC Editor

Technical article

Documentation from DKIM.org explains that DKIM adds a digital signature to outgoing emails, allowing recipient mail servers to verify the sender's authenticity. This process helps ensure that messages haven't been altered in transit and are genuinely from the purported sender. Implementing DKIM can be complex and requires proper key management.

20 Apr 2022 - DKIM.org
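
How DKIM detects alteration in transit, shown for the body hash only, as an added example that is not code from this page or from DKIM.org. It implements the two body canonicalizations of RFC 6376 and compares the hash a signer would place in `bh=` with what a receiver recomputes; header signing and the public-key check are out of scope, and the sample bodies are constructed.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body: drop empty lines at the end, keep one CRLF."""
    return re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body: collapse runs of spaces/tabs, strip
    whitespace at line ends, drop empty lines at the end."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon=canon_relaxed) -> str:
    """Value a signer places in bh= (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

# Constructed sample bodies.
SIGNED = b"Hello  team,\r\nQuarterly report attached. \r\n\r\n"
REWRAPPED = b"Hello team,\r\nQuarterly report attached.\r\n"  # whitespace changes only
WITH_FOOTER = SIGNED + b"-- \r\nUnsubscribe: https://lists.example.org/u\r\n"

def survives(original: bytes, received: bytes, canon) -> bool:
    """True when the receiver's recomputed hash still matches the signer's."""
    return body_hash(original, canon) == body_hash(received, canon)

if __name__ == "__main__":
    for label, body in (("rewrapped", REWRAPPED), ("with footer", WITH_FOOTER)):
        print(label, "simple:", survives(SIGNED, body, canon_simple),
              "relaxed:", survives(SIGNED, body, canon_relaxed))
```

Relaxed canonicalization tolerates whitespace changes made by relays, but a footer appended by a mailing list changes the hash under either mode.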
