Enhancing Email Security with DMARC on Wealthy Affiliate Domains
Hi Everyone,
Today I'm going to be talking to you about something you've likely heard rumblings about both in the community here at WA, and in tech news...and that is DMARC.
What Exactly is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. This system is essentially your email domain's security system, keeping you safe from imposters like phishing and spoofing attacks that could tarnish your domain's reputation.
If you've been around on the Internet for any length of time, you've probably received emails that look suspicious. These types of emails claim to be from your bank or a familiar service, asking for personal information etc. These are often attempts to swipe your data using a fake sender address. With DMARC, it’s like having a verification checkpoint, confirming that the emails sent from your domain are legitimate and not sent by a malicious 3rd party.
Wealthy Affiliate has always put user security at the forefront, and incorporating DMARC records for all hosted domains is part of that commitment. The implementation of DMARC on all domains on our network is a significant step in maintaining the integrity and security of your digital presence.
How DMARC Secures Your Email
DMARC is a bit like having a high-tech security system for your email domain. There are two ways to validate email and have DMARC pass.
- SPF (Sender Policy Framework)
- DKIM (DomainKeys Identified Mail)
All WA domains have SPF records, which define the mail servers that are allowed to send emails on behalf of your domain, essentially creating a list of 'authorized' sending servers.
DKIM (another security method) adds a digital signature to outgoing emails that verifies the message hasn't been tampered with during transmission.
As long as SPF OR DKIM pass, then your email will be deemed "safe". WA domains use the SPF method.
The DMARC policy sets the rules for SPF and DKIM. When an email hits an inbox (for example a GMAIL mailbox), The DMARC policy is checked to see if the email aligns with the SPF and/or DKIM records you've published in your DNS. This means it's looking to ensure that the email is using a listed server (thanks to SPF) and/or that its contents are untampered with (thanks to DKIM). It's basically like a bouncer at a night club door, looking at your ID and your invitation to make sure everything checks out before they let you in.
DMARC lets you set policies that instruct receiving servers on what to do with emails that don't pass these checks. You can choose to have them marked as spam, quarantined, or even outright rejected.
For domains hosted here at WA, if an email arrives at an email provider using yourdomain.com, and it does not pass SPF (meaning that it's not sent from our servers), then we tell the email provider to REJECT the email. This way someone cannot send email pretending that it's from your domain, it won't just go to a SPAM folder, it's instructed that that Spoof email is rejected entirely.
So there you have it, just a quick update on email security here at WA. Google, Yahoo, and others are clamping down and becoming more strict on allowing email from domains without DMARC starting Feb 1, 2024, so you're all set in advance of that.
If you've got any questions I will be happy to answer them for you. Rest assured that your domains are secure and that they cannot be used to email and trick the recipient into doing something they shouldn't.
Recent Comments
97
I still have not heard anything. I checked with Name Cheap who are my domain providers and was told that whoever my nameservers are pointed to would have to provide DMARC and DKIM for my two websites.. My websites are hosted here and I have email with Wealthy Affiliate also. What am I supposed to do
You need to change the settings in your email service provider if you have one if not then dont worry about it. It is an email mandate
Hi Donnie
As I have already said below, you need to get the details from Get Response, not from your hosting service. Then, when Get Response gives you the details, you should contact WA Site Support as your site host and ask them to update nameservers at WA (DNS).
:-)
Richard
Thanks Richard I got the information from Get Response and Contacted WA support It is all taken care of.
i appreciate your help and everyones responses. I was very confused.
Hi Carson,
I have been using mass email marketing through Mailchimp for the past few months, experimenting with email marketing. I have been using Chat GPT to help me write better well performing emails.
I have been scripting Chat GPT to help me write these emails in a non-spam triggering manner; however, I still end up in my own (Gmail) spam folder...
Does this update to WA hosted domain emails have any impact on MailChimp sent emails? Does this make mass emails look more like spoof at that point or do Mailchimp sent emails still pass the checkpoints with WA credentials?
Mailchimp emails with WA hosted email address. Do they send from WA servers or from Mailchimp servers?
I am looking to send emails that don't trigger spam, ever... If that's even possible.
Thanks Carson,
I hope to hear back from you soon!
I did my own research and found out Mailchimp has an extra step to take for Mass Emails to be sent using Mailchimp linked to WA hosted domains. How To Authenticate Your Email Domain For MailChimp Mass Email Marketing
My auto-responder is still telling me I am not compliant.
I use two auto-responders, MailerLite and Aweber, and I also use Zoho for my business emails from Thunderbird etc.
Do I need 3 different SPF records or what? I'm going nuts trying to liase between all these different support agencies who are all talking above my head!
WA have a long-standing thread open and are working with me, so I'm sure it's me being dense, but I'm getting in a panic now as MailerLite stopped my emails going out yesterday because I'm not compliant.
Hi Joy,
If you are using an autoresponder then you're going to need the SPF records for your domain updated based on the details that those providers give you. Your domain SPF record will need to include the servers that those autoresponders send from - we can help you with this but you'll need to get that information from the autoresponders.
Also - I'm curious why you are using 3x autoresponders? Seems like you might be able to consolidate some of that work and simplify your processes?
For Aweber, our team just needs to modify your SPF record to include the value "include:
http://send.aweber.com
".
I found your SiteSupport ticket here and added a comment to you and my SiteSupport team to include the Aweber SPF entry.
Thanks Carson, but MailerLite are now telling me that I have multiple SPF records and should only have one.
* Zoho is just my ordinary email provider that I use for sending emails from Thunderbird
* There are two auto-responders (Aweber and MailerLite) because they link to different affiliate programs I use and have a very complicated set of emails set up.
It's not ideal, but both have their benefits - except when trying to create a single SPF record!
Appreciate your help and hope I can get just one SPF record sorted!
Thanks, Joy
I found out with Mailchimp there was another step to take, adding some CNAME to your domain records. It was actually pretty easy with WA hosted domain emails. How To Authenticate Your Email Domain For MailChimp Mass Email Marketing
Thank you Carson for such a clear explanation of what DMARC is, and how it has been implemented, in timely fashion, to enhance the security and protection of our domain emails. This is just another awesome change being made on the platform, and I'm so grateful to be a part of it all!
Kevin
Hi Carson,
Thank you so much for this reassurance. WA is certainly contributing in a big way to Internet security - great for our principal marketplace far into the future.
It's good to hear from you. Thanks for beavering away behind the scenes to make our lives so smooth! Certainly, my Internet life has changed considerably since joining WA!
Blessings and Success in the Year of the Dragon! 🐉
See more comments
I am using Aweber and under my website name it says 'unauthenticated' and 'fix issue'.
When I click on 'fix issue' it asks to add 3 CNAME records to set up DKIM.
I am struggling to find my DNS Manager to even begin to add any new DNS records.
Any help would be appreciated, please.
Hi Louise,
I would appreciate your help. How did you solve the problem? I have to install Aweber for a website, and Site Support does not give any answer. Where did you add the 3 CNAME records? Thank you.
Greetings,
Diana.
Hi Diana, I spent hours trying to find the solution and eventually contacted Site Support who sorted it for me. Go back to them and ask again as this is the only way you can add them.
Louise
Hi Louise,
Everything is sorted now. Thank you for your answer. Have a great week ahead.
Diana
You're very welcome, Diana, you too.