Internet Performance Delivered right to your inbox

The DMARC Bandwagon: Who’s Next To Get On Board?

It happened. We are witnessing history.

DMARC BandwagonAOL is the second big mailbox provider to implement a strict “reject” policy on their domain’s DMARC policy in order to prevent the recent spoofing hack from happening again.

OK, maybe it’s not the most exciting history to witness, but 2014 will now have a spot on the History of Evolution of Spam timeline, and this change is happening quickly. We just blogged about this yesterday with some friendly (and potentially biased) advice on who to call for help.


Last month, Yahoo! implemented a strict “reject” policy (via DMARC) on any email that does not originate from a Yahoo! authorized server. This is a huge step in protecting their brand and their customers, but it also caused quite a stir among legitimate email senders who were affected negatively.

After falling victim to a spoofing attack earlier this week, AOL has put this same DMARC policy in place. In their Postmaster update, AOL has pointed out the types of senders this affects:

  • Email service providers (ESP) sending mail on behalf of businesses using AOL addresses
  • Websites with “Share with a friend” functionality, sending mail using AOL addresses
  • Small businesses using other 3rd party services to send mail and communication between their employees and / or customers
  • Services used to forward mail
  • Mailing lists (listservs)

What does this all mean?

1) Only send from a domain you control. Period. This is no longer a “best practice,” it’s a necessity.

2) Think about who’s next. As large corporate brands tighten up their email policies, the spammers and phishers will start going after smaller targets. Are you ready to implement DMARC? Is your brand safe? For even more info, take a look at our own whitepaper on email security.

DMARC isn’t going away

It works, and it’s being implemented by a wide variety of brands. In DMARC’s first year of existence, 50 percent of the top 20 sending domains published a DMARC policy, with 70 percent of those domains asserting a policy that directs receivers to take action against unauthenticated messages, according to

This is a lot to take in if you’re not already an email/brand security geek. If you need help, and don’t want to click around on the links above, give us a call and we’ll be happy to assist!

Share Now

Whois: Scott Grant

Scott Grant is a Senior Product Manager, Email Delivery at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.