In February, Google and Yahoo introduced new email validation requirements to curb spam and phishing. Among the array of updates, companies must now use the Domain-based Message Authentication Reporting and Conformance (DMARC) protocol when emailing customers.
According to cloud-native email security provider EasyDMARC, the DMARC protocol uses the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM ) to verify that an email sender is legitimate — automatically rejecting, quarantining or reporting emails that fail checks and reducing the risk of phishing and spoofing attacks. This measure, EasyDMARC says, is part of a broader initiative to bolster trust in email communications as cybersecurity threats continue to evolve.
EasyDMARC reports that Google and Yahoo are now temporarily rejecting non-compliant emails ahead of enforcement “no earlier than June 2024” — meaning companies that are not in compliance may risk having important messages wind up in spam folders or getting rejected.
Key findings from EasyDMARC’s survey
EasyDMARC’s latest research of IT decision-makers reveals that a majority (54 percent) of those surveyed would outsource their DMARC implementation to an IT provider, consultancy or specialist service.
What’s more, just 37 percent of organizations currently comply with the updated email authentication requirements. And only 28 percent of IT decision-makers would manually implement the required changes internally.
When asked about strategies for implementing email authentication, responses varied among the decision-makers surveyed. Excluding those who had already adopted the technology and had no plans to implement it, over half of the remaining respondents (51 percent) indicated they would rely on their IT provider or a consultancy to implement the DMARC protocol.
Additionally, 15 percent planned to use a specialist service to handle the technical aspects of implementation. Two-thirds (66 percent) of businesses, when considering implementation, would outsource it, and only 34 percent would manage the required domain changes internally.
The survey also revealed that IT decision-makers lack confidence regarding the deployment of email authentication tools with 40 percent of IT decision-makers pointing to the complexity of implementation as a major barrier to adoption.
How MSPs should approach DMARC compliance
The new email requirements are a step change for business owners and marketing teams, with email authentication methods that were once viewed as best practices and recommendations now mandatory.
According to EasyDMARC global channel manager Mike Anderson, this is a game-changer for MSPs serving SMBs. Anderson and his team at EasyDMARC are reporting a “critical gap in knowledge and resources within organizations, making it difficult to adapt to the standards now required by providers like Google and Yahoo.”
This situation, Anderson says, presents an enormous opportunity for MSPs to become indispensable allies.
“DMARC is as hot as it gets in the cybersecurity market,” said Anderson. “With DMARC requirements going from optional to mandatory, nobody can escape it. SMBs simply don’t have the expertise to remain compliant. So there is a massive opportunity for the channel.”
As Anderson pointed out, the need for DMARC compliance extends beyond marketing. Most small businesses today depend on email to connect with customers for critical communications like invoicing, account updates and customer service. When these emails don’t reach their destination, businesses directly suffer.
There is also a misconception that DMARC compliance is only necessary for marketers distributing bulk emails. Email service providers are increasingly looking to improve safety and prevent spam from reaching customers. And this means all senders are now facing tighter security controls.
By offering expertise and implementation services for DMARC and related protocols, MSPs can help small business owners stay compliant.
“Not only does this enable organizations to navigate the complexities of compliance smoothly, but it also opens avenues for MSPs to introduce additional services,” Anderson explained. “As the compliance deadlines continue to pass, and with the majority of businesses poised to seek external support, now is the opportune moment for MSPs to expand their offerings and reinforce their role as vital security partners.”
According to Anderson, it’s not too late for MSPs to start offering DMARC services. However, the window of opportunity won’t last forever.
“If you’re not monetizing or providing DMARC services, you’re probably damaging your brand,” Anderson concluded. “Because if customers don’t get it from you, they will look elsewhere. The bottom line is, businesses can no longer get by without being DMARC-compliant. For MSPs, now is the time to spread the word about DMARC, pick up new customers and open new revenue streams.”
EasyDMARC’s latest research gathered findings from 1,000 IT decision-makers across the U.S., U.K., Europe and Oceania to assess their awareness and adoption of new email authentication protocols introduced by Google and Yahoo.
To access the full report, visit EasyDMARC’s website.
