Enhancing Email Security with DMARC on Wealthy Affiliate Domains

Hi Everyone,

Today I'm going to be talking to you about something you've likely heard rumblings about both in the community here at WA, and in tech news...and that is DMARC.

What Exactly is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. This system is essentially your email domain's security system, keeping you safe from imposters like phishing and spoofing attacks that could tarnish your domain's reputation.

If you've been around on the Internet for any length of time, you've probably received emails that look suspicious. These types of emails claim to be from your bank or a familiar service, asking for personal information etc. These are often attempts to swipe your data using a fake sender address. With DMARC, it’s like having a verification checkpoint, confirming that the emails sent from your domain are legitimate and not sent by a malicious 3rd party.

Wealthy Affiliate has always put user security at the forefront, and incorporating DMARC records for all hosted domains is part of that commitment. The implementation of DMARC on all domains on our network is a significant step in maintaining the integrity and security of your digital presence.

How DMARC Secures Your Email

DMARC is a bit like having a high-tech security system for your email domain. There are two ways to validate email and have DMARC pass.

1. SPF (Sender Policy Framework)
2. DKIM (DomainKeys Identified Mail)

All WA domains have SPF records, which define the mail servers that are allowed to send emails on behalf of your domain, essentially creating a list of 'authorized' sending servers.

DKIM (another security method) adds a digital signature to outgoing emails that verifies the message hasn't been tampered with during transmission.

As long as SPF OR DKIM pass, then your email will be deemed "safe". WA domains use the SPF method.

The DMARC policy sets the rules for SPF and DKIM. When an email hits an inbox (for example a GMAIL mailbox), The DMARC policy is checked to see if the email aligns with the SPF and/or DKIM records you've published in your DNS. This means it's looking to ensure that the email is using a listed server (thanks to SPF) and/or that its contents are untampered with (thanks to DKIM). It's basically like a bouncer at a night club door, looking at your ID and your invitation to make sure everything checks out before they let you in.

DMARC lets you set policies that instruct receiving servers on what to do with emails that don't pass these checks. You can choose to have them marked as spam, quarantined, or even outright rejected.

For domains hosted here at WA, if an email arrives at an email provider using yourdomain.com, and it does not pass SPF (meaning that it's not sent from our servers), then we tell the email provider to REJECT the email. This way someone cannot send email pretending that it's from your domain, it won't just go to a SPAM folder, it's instructed that that Spoof email is rejected entirely.

So there you have it, just a quick update on email security here at WA. Google, Yahoo, and others are clamping down and becoming more strict on allowing email from domains without DMARC starting Feb 1, 2024, so you're all set in advance of that.

If you've got any questions I will be happy to answer them for you. Rest assured that your domains are secure and that they cannot be used to email and trick the recipient into doing something they shouldn't.