DMARC Email Authentication Guide for Small Businesses


If you have a mailing list for your business, there’s an email authentication change coming to Gmail, Yahoo!, AOL, and other services that could prevent your marketing emails and newsletters from reaching your subscribers’ inboxes. Starting in February 2024, major email receiving services are implementing new requirements under which bulk emails must pass DMARC verification.

The new requirements are aimed at stopping spam, phishing attempts, and other fraudulent email from reaching email recipients’ inboxes by authenticating the source of the email. In other words, they check to see if the email really came from the domain that shows in the From line.

When an email fails authentication, receiving email servers (e.g., Gmail or other places one receives email) may stop the email from being delivered. Thus, it can help prevent people from receiving emails that look like they came from your company but originated elsewhere. 

That’s good news.

But if you are a small business owner it presents a slight problem: there are some steps you need to take to authenticate your emails, prevent them from being blocked, and protect the sending reputation of your domain.

Here’s a simplified explanation of the basics you need to know.

What is DMARC?

DMARC is an acronym for Domain-based Message Authentication, Reporting, and Conformance. In simpler terms, it’s an email security protocol that can distinguish between legitimate and fake emails and help prevent fake emails from landing in inboxes.

Here’s what DMARC does.

  1. It authenticates email sources: DMARC verifies that the sender of an email (the name that shows in the “from” line in email) is authorized to use the domain they’re sending from. (Think of it like making sure someone who comes to your door and claims to be from the utility company really works for them.)

    It does that by comparing where an email actually originated to email verification data (DKIM and/or SPF records) stored in the DNS for the domain showing in the “From” line.  
  2. It specifies how to handle email that can’t be authenticated. If the records don’t match (e.g., a spammer puts your domain name in the From line), DMARC tells receiving email servers what to do with the email.

    It makes that decision by following the instruction you publish in a DMARC policy in your domain DNS.  The choices are:  do nothing, quarantine, or reject the mail.

    For example, say you have your DMARC policy set to reject unauthenticated email. A fraudster spoofs your email address and sends bulk email from fakeyou@yourdomain.com. The email servers (such as Gmail and Yahoo!) that receive that unauthenticated mail will keep it out of recipients’ inboxes.
  3. DMARC sends email delivery reports. You can check these reports if you want to see what’s happening with your email and whether anyone is spoofing it.

What Emails Will Be Affected?

Google and other email services plan to apply the new authentication requirement to email senders who send more than 5,000 emails a day. But even if you don’t send 5,000 emails at a time, it’s wise to set up a DMARC record and policy for your domain to protect your domain sender reputation. If a spammer spoofs your domain name, they might send tens of thousands of emails pretending to be you.

DMARC has to be set up in the DNS for your domain. Even if you’re using an email service provider to send mail to your mailing list, you may still need to set up the DMARC records on your domain. (Scroll down for details.)

There are multiple sites on the web that provide detailed instructions on how to set up DMARC, DKIM and SPF records for your domain. For instance, Get to the Inbox by SuretyMail has a helpful article about setting up DMARC and related protocols.

But if you’re a typical small business (and not a web developer), it may take you some time to figure out and follow the instructions yourself.

To avoid the time drain, aggravation, and worry (about whether you’re doing it right), ask your web developer or your hosting company support team to set up all the email authentication records for you.

Authenticating Email Sent Through Email Service Providers

When you use an email marketing service provider to send bulk mail to your mailing list, the emails go out through the email service provider’s server, not the email server on your own domain.  Mail sent through a major email service provider will have some basic authentication, but it will be attached to their service, not your domain name.  

Therefore, your email service provider may suggest or require you to self-authenticate your emails to build your reputation as a safe sender under your domain name instead of theirs and to make your domain show in the From line. Look for instructions to do that on your provider’s site.

The instructions will tell you to add specific information to certain records in the DNS for your domain. (Here’s an example from Constant Contact.) If you aren’t sure how to follow the instructions or where to make changes, as noted above, ask your hosting company support or a web developer to do it for you.  The changes are simple and fast to make for someone who is familiar with setting up DNS records.
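To make the DMARC check and the provider self-authentication step described above concrete, here is an added example (not from the original article or from any provider) that parses a DMARC record and decides, in simplified form, what a receiving server would do with a message. The record contents, the reporting address, and the domains `spammer.example` and `esp.example` are constructed for illustration, and the relaxed-alignment check is an approximation noted in the code.

```python
# Added example: how a receiving server applies a DMARC record (simplified).
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags; raise ValueError if invalid."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags[key.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in POLICIES:
        raise ValueError("p= must be none, quarantine or reject")
    return tags

def aligned(from_domain, auth_domain, strict):
    """Does the authenticated domain match the domain in the From line?
    Assumption: relaxed mode is approximated as 'same domain or a subdomain';
    real receivers compare organizational domains via the Public Suffix List."""
    a, b = from_domain.lower(), auth_domain.lower()
    if strict:
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_result(record, from_domain, spf, dkim):
    """spf and dkim are (passed, domain) pairs; return 'pass' or the policy to apply."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] and aligned(from_domain, spf[1], tags.get("aspf", "r") == "s")
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], tags.get("adkim", "r") == "s")
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed sample record (yourdomain.com is the article's placeholder domain).
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com"

if __name__ == "__main__":
    me = "yourdomain.com"
    # Spoofed: SPF passes, but only for the spammer's own domain; no DKIM signature.
    print(dmarc_result(RECORD, me, (True, "spammer.example"), (False, "")))
    # Sent via a provider after self-authenticating: DKIM is signed as yourdomain.com.
    print(dmarc_result(RECORD, me, (True, "esp.example"), (True, me)))
    # Sent via a provider without self-authentication: nothing matches your domain.
    print(dmarc_result(RECORD, me, (True, "esp.example"), (True, "esp.example")))
```

The third case is why a provider's own authentication is not enough once your domain publishes a quarantine or reject policy: the mail authenticates for the provider's domain, not for the domain in your From line.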

Additional Requirements for Getting Email Delivered

In addition to DMARC verification, Google announced that starting in February 2024, they will require bulk senders to:

  • Make it easy to unsubscribe. Commercial email senders will have to give Gmail recipients the ability to unsubscribe with one click and will have to process unsubscribes within two days.
  • Don’t send unwanted email.  Google is instituting a spam rate threshold. You’ll need to stay below that threshold to get your messages delivered to people with Gmail addresses.

Less Spam Is Better for Everyone

The new requirements from Gmail and other receiving email services are enhancements to existing procedures for blocking spam and fraudulent emails. You, or a support person, may need to make some simple changes in the DNS records for your domain to be sure your emails aren’t blocked and to protect your domain sending reputation.

The new requirements will help reduce the amount of spam in your customers’ inboxes. That, in turn, may improve your open rate by making it easier for them to see and read your emails.

If you let professionals handle the technical details and make sure you are sending wanted email to an opt-in list, your emails should get through with no problem.

Photo credit: iStock photo/ Ingenious Buddy

By Janet Attard

Janet Attard is an author and small business expert who has been using email marketing to grow online sites for more than 30 years.
