Implement DMARC; it works and pays back

“Building up trust with ISPs ̶ implement DMARC; it works and pays back” was the subject of the five-person panel exploring the benefits of DMARC. As Yahoo’s Elizabeth Zwicky put it; “now the ‘from’ field on your email reflects who actually sent the email. This was not always the case, something users are often very surprised by. Now DMARC brings email more in line with what consumers actually expect”.

Tim Draegen, CEO & Founder of dmarcian.com, tracked the changing purpose of DMARC. It was first implemented as an anti-phishing measure around 2012. Around 2014 DMARC helped simplify delivery. Now in 2016, DMARC is implemented to enable rich email scenarios and build better email clients. For those who need to convince other stakeholders to implement DMARC, he recommends, you should “pitch [it] as a project management exercise. DMARC boils down to basically a one-time upgrade, if a bit complex. It’s a good way of selling it”. 

Legal issues with DMARC and recommendations for Germany 

Steve Jones, Executive Director, DMARC.org, looked at the numbers. Today 70% of email inboxes globally are protected by DMARC ̶ the new email authentication standard is spreading rapidly, as is SPF. Germany, however, has quite a low implementation rate of DMARC, at just 30%. One of the reasons is believed to be hesitation due to legal concerns about the information shared in the automatic reports. Andreas Schulze, Postmaster at DATEV, advises sending aggregated reports, which are legal in Germany. 

Rosa Hafezi, Legal Attorney at the Certified Senders Alliance, advised those struggling with their legal departments over whether to introduce DMARC or not to draw their attention to the Report on the compliance of DMARC with German law developed by the eco Competence Group E-mail. In short, the report concludes that the implementation of DMARC is consistent with German law, taking into account restrictions, some of which are considerable.