If you’ve been following along in our blog series, you’ll know we made it to the finish line in our last blog post – getting to DMARC enforcement and brand protection. So what’s next? Staying at DMARC enforcement is the next challenge.
In our final blog of this series, we’ll discuss how you can stay in the winners’ circle with continuous protection. We’ll also talk about how to stand out in the inbox by adding your logo to every email because now that you’re at DMARC enforcement, you can take advantage of BIMI.
Staying in the winner’s circle: Staying at DMARC enforcement
Now that your domain is configured for DMARC and set to enforcement, mailbox providers will reject (block from delivery) or quarantine (move to a spam folder) any messages from senders not authorized by your domain’s policy. Congratulations on protecting your brand, and thank you for contributing to a safer email ecosystem for everyone.
Step one to staying protected is having visibility into any changes with your domains, email sources and email traffic. With both of our solutions, Monitor and Enforce, you can create alerts to receive proactive information that will help keep you up to date with your domains’ email traffic activity.
With Monitor, you can create notifications about the following items:
- Suspicious sending alert – lets you know about potentially malicious traffic from Unidentified IPs
- New service detected alert – enables you to know when a new service starts sending mail on behalf of your domain(s)
With Enforce, you can set up the alerts above as well as these additional ones:
- DMARC Policy – notify you when there are changes to your DMARC policy
- Enabled Senders DMARC – lets you know when an enabled sender on a specified domain hits a certain DMARC pass rate threshold
- Executive Report – contains an overview of your account’s email activity over a selected period of time including potential phishing emails, authenticated emails and DMARC pass rates
- Record Configuration Change – lets you know when there are any changes to your DMARC, DKIM, or SPF configurations.
- New Internal sender – lets you know that a sender might be an internal sender that is being blocked, enabling the owner to take the action needed
Reward #1
Enforce provides continuous protection by authenticating your email in real-time and proactively alerting you of changes.
With Monitor, you manage your DMARC enforcement on your own, so you’ll want to look for legitimate emails that are failing authentication. Check whether the sending service is included in your SPF record and that DKIM is set up correctly. If not, you’ll need to add them.
Reminder: Once a change has been made, the effects of a DNS update might not appear for hours, and you might not know if you’ve broken something until complaints start rolling in. Your DMARC policy will block you onboard for every new service until the DNS change control process is complete.
In addition, keep an eye on your SPF lookup limits, which are limited to 10. In Monitor, you’ll be able to see details on your SPF Lookups by domain.
With Enforce, legitimate emails won’t be blocked while enforcing DMARC policies because you’ll get proactive notifications of new sending services and can enable them immediately. In addition, Sender IP updates can’t overload your SPF record, so you avoid the risk of legitimate email failing authentication because Enforce auto-generates the correct, specific SPF response in real time.
In addition, if you are looking to minimize DKIM risk, we just released a new DKIM Continuous Protection report in Enforce that gives you visibility into the health of your DKIM keys based on age, usage, and key length (bits), enabling you to ensure that you’re complying with DKIM best practices around key management and rotation. You’ll also be able to set up these notifications:
- Add/Delete DKIM Keys
- DKIM Keys over 6 months
- DKIM Keys over 2 years
If you are using Monitor, you’ll need to manage and track your DKIM key usage and rotation yourself.
Reward #2: Fast-track your implementation of BIMI with Amplify
Now that your domain is at DMARC enforcement, you can stand out in the inbox and take advantage of Brand Indicators For Message Identification (BIMI). By implementing BIMI, you can specify how a logo will be displayed next to email messages at participating mailbox providers.
Here are some of the benefits of BIMI and having your logo in the inbox:
- Enhanced Brand Visibility: Your logo is displayed directly in the inbox.
- Boost in Engagement: Branded emails have been shown to drive more engagement with up to a 3-4% increase in open rates.
- Competitive Edge: Standing out in the inbox with a visible logo gives you a competitive edge, particularly if competitors aren’t taking advantage of BIMI.
- Boosted Trust: Recipients (customers and employees) can visually verify the authenticity of your emails, fostering trust.
If you want to set up BIMI manually, you will need to convert your logo file to the specific, particular format used for BIMI, obtain necessary certifications, ensure that you’ve implemented DMARC at Enforcement and that you have published a BIMI record on your domain’s DNS server. BIMI relies on Mark Certificates (MCs), digital certificates asserting that the domain’s right to use the logo in question has been verified. This verification and issuance of MCs is done by an organization known as a Mark Verifying Authority (MVA), and there are two types of MCs: the Verified Mark Certificate (VMC) and the Common Mark Certificate (CMC).
Here’s a quick breakdown to help you decide whether a VMC or CMC is right for you:
| VMC | CMC | |
| Pros | – Logo and Google’s Blue Checkmark show on desktop and mobile – Highest security bar | – No trademark required – Easier to obtain |
| Cons | – Slower to obtain (if you don’t already have a trademark) | – No Google Blue Checkmark – The logo has to have been in use for over a year |
If you want to fast-track your BIMI implementation, Valimail Amplify is the only fully automated BIMI solution on the market. We streamline the process of acquiring and managing your VMC or CMC and provide single‑click logo configuration for your domains.
How Amplify Can Help:
We’ll help you acquire and manage the process for getting either a VMC or CMC and help you determine which one is right for you. We can also help you format your SVG logo. Once the VMC or CMC is issued, Valimail uploads it to your Amplify account, and your BIMI record is automatically updated to include the new certificate and logo. Valimail Amplify will host your VMC/CMC/SVG file and publish your BIMI record on your organization’s behalf, fully compliant and ready to display in recipient inboxes.
Our dedicated Support Engineers can guide you through BIMI implementation from start to finish without any heavy lifting.
Winners Circle: Staying at DMARC enforcement means being protected 24/7
Your commitment to staying at DMARC enforcement means improved security against phishing and spoofing, increased trust and credibility, and the opportunity to stand out in the inbox. Congratulations, and keep up the great work!
Interested in learning more about Enforce or Amplify?
Wendy Bloechle, Director of Product Marketing at Valimail
