Should ESPs force DKIM and DMARC on paid customers, and what are the implications and downsides?
Summary
What email marketers say11Marketer opinions
Email marketer from Email on Acid shares that while mandating DKIM and DMARC improves security and deliverability, ESPs should consider offering tiered support and pricing models to accommodate diverse customer needs. Some clients may require more hands-on assistance, while others may prefer self-service options.
Email marketer from Reddit shares that mandating DKIM/DMARC could create hurdles for certain clients, particularly those lacking technical knowledge or those using third-party services that may not fully support these standards. They recommend offering comprehensive assistance and educational resources to ease the transition.
Email marketer from GMass Blog shares that implementing DMARC, DKIM, and SPF can be complex, especially for small businesses. While it is beneficial for deliverability, forcing these protocols could create barriers to entry for some users. ESPs should consider providing simplified implementation tools or guides tailored to different technical skill levels.
Email marketer from Litmus says although DMARC, DKIM and SPF implementations improve email security, it can often cause delivery problems for transactional and marketing emails if implemented incorrectly by ESP's.
Email marketer from SparkPost Blog explains that adopting DKIM and DMARC is crucial for maintaining a positive sender reputation and improving email deliverability. While it is beneficial, the requirement could negatively impact smaller businesses with less technical expertise. They suggest providing simplified resources for onboarding.
Email marketer from Quora shares that many users simply don't have the expertise to deal with DNS, SPF or DMARC settings which can potentially cause huge issues if not configured correctly.
Email marketer from Email Geeks shares experience that their company didn't force DKIM or DMARC at Maropost for 8 years, but made DKIM setup with alignment standard, and almost all customers did it and today, they'd definitely make DMARC standard.
Email marketer from Email Geeks says that requiring DKIM and DMARC is the right thing to do, as it's only a matter of time before deliverability depends on alignment and having DKIM and DMARC has no downside.
Email marketer from Mailjet Blog explains that forcing DKIM and DMARC can significantly improve deliverability by authenticating emails and protecting sender reputation. It reduces the risk of spoofing and phishing attacks, which is beneficial for both the ESP and its customers. However, it could potentially increase onboarding friction, requiring more technical expertise from customers.
Email marketer from Email Marketing Forum shares that although it increases security, forcing DKIM/DMARC increases cost to users who now need to implement it as well as increased work/cost on the ESP side to support all clients with this change.
Email marketer from Email Geeks asks for opinions on forcing all paid customers to complete DKIM and DMARC, feeling it's needed with updates from Google and Yahoo.
What the experts say12Expert opinions
Expert from Email Geeks warns that DMARC with a policy statement of quarantine or reject can cause delivery problems and issues with mailing lists, including replies off-list and sender identification.
Expert from Email Geeks explains that if your employer has published a DMARC record and you send mail to a mailing list then you are violating DMARC policy for all the receivers of that mailing list. They won’t see your mail - and if they reject it you’ll be bounced off the list.
Expert from Email Geeks explains that slack and forums are not replacements for mailing lists and she still has that history in her mailbox. Look at how much deliverability history and information has disappeared due to validity taking down the old RP blogs. OTOH, she can still retrieve information from mailing lists she was on in 2000 and that have since lived on and some of those are deliverability related.
Expert from Spam Resource explains that DMARC's complexity is a real downside, especially for end-users. Setting up DMARC can be challenging, and incorrectly configured policies can cause legitimate emails to be rejected. ESPs need to balance security benefits with the user experience.
Expert from Email Geeks explains that DMARC breaks indirect mail flows which breaks a lot of functionality inherent in how email is used by real people to communicate with one another and it does it at great expense and with very little obvious benefit.
Expert from Spam Resource explains that, from a list owner's perspective, DMARC policies are making it harder to run mailing lists. Mailing lists often modify headers which will make DMARC fail if the email has a strict DMARC reject policy.
Expert from Email Geeks explains that even adding p=none in a DMARC record may change the behavior of mailing lists for subscribers from your domain.
Expert from Email Geeks says that forcing customers to complete DKIM and DMARC is becoming the norm, and the interesting question is whether ESPs are forcing them to buy domains.
Expert from Email Geeks explains that DMARC companies lobby against fixing and mitigating things in the dmarc standard, and that a lot of people who are financially invested in DMARC hand wave away real objections by saying things like 'mailing lists don't matter and need to be replaced'. She goes on to say to show her the numbers that DMARC will make an impact on security or improve the situation with phishing and even how to collect the data but was told it's too hard.
Expert from Email Geeks explains that making customers authenticate with their own domain increases onboarding overhead, but sets ESPs up well for the future and a lot of the reason we're in this situation is that a decade ago many ESPs decided not to force customers to sign with their own domain.
Expert from Spam Resource explains that forcing DMARC on users is tricky because it interacts poorly with mailing lists. Mailing lists can break DMARC authentication and cause issues for subscribers and list owners. Also, DMARC record implementation can be overly complex for non-technical users.
Expert from Email Geeks explains that DMARC breaks basic email functionality and the main reason DMARC is being pushed hard is by companies who are making money directly off the complexity of it and it also was originally designed for bulk mail only.
What the documentation says4Technical articles
Documentation from RFC Editor explains that DMARC relies on DKIM and SPF to authenticate email. DMARC policies allow domain owners to instruct recipient mail servers on how to handle unauthenticated emails (e.g., quarantine or reject). This helps prevent email spoofing, but requires careful setup and monitoring to avoid legitimate emails being blocked.
Documentation from DKIM.org explains that DKIM adds a digital signature to outgoing emails, allowing recipient mail servers to verify the sender's authenticity. This process helps ensure that messages haven't been altered in transit and are genuinely from the purported sender. Implementing DKIM can be complex and requires proper key management.
Documentation from Google explains that senders must have DMARC setup to send over 5000 emails a day. They must also have DKIM and SPF setup along with valid hostnames. This documentation is important for email marketers looking to send high volumes of email as well as implementing the correct policies.
Documentation from AuthSMTP explains that Sender Policy Framework (SPF) records specify which mail servers are authorized to send email on behalf of a domain. While SPF helps prevent spoofing, it doesn't provide the same level of protection as DKIM and DMARC. Requiring SPF, DKIM, and DMARC ensures comprehensive email authentication but could pose technical challenges for some users.