What are the issues with DMARC service companies and cousin domains?
Summary
What email marketers say (7 marketer opinions)
Email marketer from StackExchange explains that DMARC enforcement, particularly with a 'reject' policy, can inadvertently block legitimate emails if cousin domains or subdomains aren't properly configured. This impacts domain reputation.
Email marketer from dmarcian explains that managing DMARC across a portfolio of domains (including cousin domains) can be challenging, especially if they're managed by different teams or vendors. This can lead to inconsistent policies and increased vulnerability to attacks.
Email marketer from Litmus shares that actively monitoring DMARC reports across all your domains is essential to catch issues early. If you're not paying attention, you may not realize there's a problem with cousin domains until it's too late and emails are being blocked.
Email marketer from EmailVendorSelection.com explains that DMARC setups are often abused by less-than-reputable email marketing companies. They emphasize the importance of due diligence when working with vendors who manage your DMARC.
Email marketer from Reddit explains that some DMARC service providers may use aggressive scraping techniques on websites to find email addresses, and then spam them, potentially affecting the reputation of the client whose DMARC they manage.
Email marketer from Mailjet shares that cousin domains and subdomains should be treated with the same caution as top-level domains when considering DMARC implementation. Inconsistencies across domains/subdomains can lead to deliverability issues.
Email marketer from SparkPost shares that cousin domains, if not secured with DMARC, can be used to impersonate your brand. This damages trust and leads to a higher risk of phishing attacks targeting customers. This necessitates careful DMARC monitoring across the entire domain landscape.
What the experts say (3 expert opinions)
Expert from Email Geeks explains a DMARC service company scraped websites for addresses and spammed them without unsubscribe links or postal addresses. They highlight the irony of a DMARC company using a cousin domain to avoid getting blocked for spamming, even though the cousin domain had a p=reject policy.
Expert from Word to the Wise explains that some DMARC service companies scrape websites for email addresses to expand their reach, often without proper consent or unsubscribe mechanisms, which can negatively impact the reputation of both the service and the domains involved.
Expert from Email Geeks confirms that the marketing domains use a DMARC policy of p=reject, ensuring that only real mail on behalf of the company is sent.
What the documentation says (5 technical articles)
Documentation from Google shares that failing to properly manage DMARC records on related domains (cousin domains) leaves you susceptible to domain spoofing and phishing attacks. This compromises the overall security posture of your organization.
Email marketer from ReturnPath explains that domain alignment issues in DMARC can occur between parent domains and subdomains/cousin domains. If your DMARC policy is configured to be strict, and alignment fails for these other domains, your emails may be blocked, even if they are legitimate.
Documentation from RFC Editor explains that a poorly implemented DMARC policy, especially one using a reject setting without proper alignment, can block legitimate emails from cousin domains, leading to loss of business and customer communication. They recommend a gradual implementation strategy.
Documentation from DMARC.org explains that without proper management, cousin domains using DMARC can be spoofed to send phishing emails, affecting your primary domain's reputation. They recommend carefully managing DMARC policies across all related domains.
Documentation from Microsoft responds that DMARC can cause problems with indirectly managed domains (cousin domains) due to a lack of visibility and control. Microsoft recommends regular audits and monitoring of your DMARC reports.
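The alignment and portfolio-consistency points above can be checked mechanically. The following is an added example, not code from any of the sources summarised here: it tests DMARC identifier alignment in relaxed and strict mode and audits a constructed set of records. The domain names, function names and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Assumption: organizational domain = last two labels. Real receivers use the
# Public Suffix List, so this shortcut is wrong for names such as example.co.uk.
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' (relaxed): same organizational domain; 's' (strict): exact match."""
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)

def audit(records):
    """Return {domain: [findings]} for a portfolio of {domain: TXT record or None}."""
    findings = {}
    for domain, txt in records.items():
        issues = []
        if txt is None:
            issues.append("no DMARC record")
        else:
            t = parse_dmarc(txt)
            if t.get("p", "none") == "none":
                issues.append("p=none (monitoring only)")
            if "rua" not in t:
                issues.append("no rua: aggregate reports not collected")
            if t.get("sp", t.get("p")) != t.get("p"):
                issues.append("subdomain policy differs from p")
        if issues:
            findings[domain] = issues
    return findings

# Constructed sample records: a primary domain and two cousin domains.
PORTFOLIO = {
    "example.com": "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com",
    "example-mail.com": "v=DMARC1; p=none",
    "example-offers.com": None,
}

if __name__ == "__main__":
    print(aligned("example.com", "example-mail.com", "r"))  # cousin, relaxed
    print(aligned("example.com", "news.example.com", "s"))  # subdomain, strict
    print(audit(PORTFOLIO))
```

A cousin domain never aligns with the primary domain, even in relaxed mode, because the two have different organizational domains; each cousin domain needs its own DMARC record and its own aligned SPF or DKIM setup.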