New email requirements around DMARC unlock opportunities for MSPs

Pax8
DMARC, DKIM, and SPF email requirement changes

Email security is evolving, with major providers putting in place new requirements for email authentication. These changes require anyone sending emails from accounts hosted by major providers such as Google and Yahoo to specifically solve for DMARC (domain-based message authentication, reporting, and conformance), SPF (sender policy framework), and DKIM (DomainKeys identified mail). While these changes have already been implemented, they present a golden opportunity for managed service providers (MSPs) to educate their clients and expand their service offerings. This blog will cover what the changes are and how MSPs can help their clients meet the new requirements with solutions purpose-built for the MSP market and small- and medium-sized businesses (SMBs).

How email security has changed

For years, robust email security solutions that solved for DMARC, SPF, and DKIM were predominantly available only at the enterprise level, requiring significant investments that were out of reach for many smaller businesses. Enterprise-focused vendors have dominated this space, offering high-end solutions designed to meet the needs of large organizations. However, this left a significant gap in the market for MSPs and SMBs who required similar protections but at a scale and price point that made sense for them.

In a way, these changes are better for everyone involved. Stricter email authentication requirements help organizations reduce spam and mitigate phishing attacks, so they don’t fall victim to this infamous insider threat. These requirements are now a critical factor for any business that relies on email communication—especially those involved in bulk email sending. Failure to comply could result in significant drops in email deliverability, with emails being marked as spam or rejected outright.

What are DMARC, SPF, and DKIM, exactly?

These email requirements can look a bit like alphabet soup, so let’s break them down:

  • DMARC, or domain-based message authentication, reporting, and conformance, is an open email authentication protocol that gives domain-level protection to emails by detecting and preventing email spoofing, in which bad actors replicate trusted domain names. DMARC helps prevent cyber threats such as phishing and business email compromise (BEC).
  • SPF, or sender policy framework, lets domain owners create a list of IP addresses of servers authorized to send email from the domain. This helps prevent spoofing, phishing, and spam.
  • DKIM, or DomainKeys identified mail, is a protocol that enables organizations to take responsibility for sending a message by signing it in a verifiable way with cryptographic authentication.

What are the changes?

These changes are slightly different depending on the provider, but they aim to accomplish the same thing: enhancing email security. Starting in February, Gmail started requiring email authentication for accounts sending more than 5,000 emails per day to Gmail accounts. Thus, requiring them to have a DMARC policy in place to align with SPF and DKIM, and to ensure it’s easy for recipients to unsubscribe from emails with one click. In addition, recipients can’t report a sender’s messages as spam more than 0.3% of the time without risking that those emails will go directly to spam in the first place.

Yahoo put similar changes into effect in February, while Apple similarly posted email best practices but didn’t share a date for needing a DMARC policy.

Why these changes should matter to MSPs

The impact of these changes is far-reaching because organizations that don’t have DMARC/DKIM/SPF solutions in place are at a greater risk of poor email deliverability. This presents both a challenge and an opportunity for the MSPs that serve them.

On the one hand, it’s the MSP’s job to ensure its clients are up to date with these new requirements. On the other hand, this presents a great chance to continue presenting yourself as your clients’ trusted security partner. Because the SMB channel has historically lacked accessible solutions for these requirements, you can walk them through the changes and implement solutions they need to make sure they don’t suffer from any interruptions to business operations, lost revenue, or damage to reputation. In fact, research has shown that more than half of IT decision makers surveyed lacked the expertise and resources needed to implement email authentication tools. And the same survey showed 54% of respondents would outsource DMARC implementation to an IT consultant or specialist.

Finding the right DMARC solutions

Pax8 is committed to helping our partners and their clients succeed in keeping up with changes to the email landscape. We have several solutions that are specifically built for SMBs in this space, including the following:

Valimail: The Valimail Core solution authenticates sender identity to stop phishing, protect brands, and ensure compliance.

IRONSCALES: This email security company helps organizations fight against phishing attacks with a self-learning, AI-driven platform that continuously detects and remediates advanced threats like business email compromise (BEC), credential harvesting, and account takeover (ATO).

Red Sift: This cloud-based, multi-tenant application simplifies the management of SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC, and MTA-STS (Mail Transfer Agent-Strict Transport Security) records through a unified interface to protect against phishing and BEC attacks.

EasyDMARC: This one-stop solution for DMARC monitors records and generates reports through a simplified and automated DMARC management platform.

Have questions? Get in touch with our experts to navigate these changes successfully. And be sure to explore the Pax8 Marketplace, where you can filter by your clients’ specific needs to find the email authentication and security solutions that’ll keep business humming — for you and your clients.

Explore solutions