New DMARC requirements are here: What you need to know and do

Have you by any chance noticed a recent uptick in the number of outgoing emails that get bounced by their recipients’ host domains? If so, there’s a reason for that: Just as they told us they would, Google and Yahoo have both begun to implement increasingly strict requirements for senders to use fully configured  DMARC (domain-based message authentication, reporting, and conformance) protocols.

Plenty of advance warning

This really shouldn’t come as a surprise to anyone. Google and Yahoo have both been gradually adding weight to domain-fraud protection protocols for some time now, including  sender policy framework (SPF), DomainKeys identified mail (DKIM), and DMARC. It’s just that beginning this month, they’ve significantly ratcheted up those requirements.

It should especially not come as a surprise to regular readers of this blog. After all, we’ve published several posts about the upcoming changes, including this one and this one. And in this preview of Barracuda’s January webinar lineup, we alerted you to two webinars on the subject, recordings of which you can now watch on demand: This one for a general audience, and this one specifically tailored to the K-12 education market.

Why it matters

The volume of cyberattacks that are initiated by malicious emails that spoof legitimate domains, or that are sent from accounts that have been taken over by crooks, has been increasing at an alarming rate.

There is a confluence of factors that are causing this rise:

• Growing use of advanced security solutions has made it harder for criminals to launch successful attacks using malware, application exploits, and other more traditional means.
• The emergence of AI and its easy availability has enabled criminal gangs to craft more effective email attacks and to dramatically scale the volume of those attacks.
• And, although SPF, DKIM, and DMARC protocols have existed for a while now, configuring them properly has traditionally been a complex, error-prone, and time-consuming process — one that organizations with limited IT resources have understandably neglected. In 2019, one study found that fully 80% of organizations simply were not using them.

How Barracuda can help

A modern DMARC solution like Barracuda Domain Fraud Protection — available as part of the comprehensive Barracuda Email Protection platform — eliminates the complexity and difficulty that have kept so many from implementing DMARC. Thanks to powerful automation and a very simple, easy-to-use interface, even the most under-resourced IT team can quickly and easily set up complete DMARC protections.

This not only improves the deliverability of outgoing emails, it also protects your reputation against the consequences of having your domain spoofed in ways that make recipients place you on their email blocklists.

In addition, it provides visibility into who is sending emails on your behalf, both legitimately and fraudulently — which is especially important to K-12 organizations, which often use third parties to manage many elements of their outgoing communications.

The bottom line

Getting DMARC implemented and configured properly has always been important. But now, thanks to Google’s and Yahoo’s increasingly strict requirements, it’s critical. Fortunately, it’s also easier than ever before.