Home » Best practices » Deliverability » Apple updates DMARC – Warning for senders Recently Apple announced they are switching their DMARC domain policy from “p=none” to a “p=quarantine” on the following domains:

• com
• com
• com

What it implies?

It means delivery issues will be present if you send mails outside Apple's network. Al Iverson of Spam Resource states that:  “If you have an email address in these domains, your ability to send outbound mail using an email service provider or other, non-Apple email platform to send mail, deliverability won’t look so good. Mail may not be blocked outright (Apple didn’t move to “p=reject”) but moving to “p=quarantine” means it’s much more likely that your mail could end up in the spam folder.”

What does DMARC stands for?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. In the same way as SPF & DKIM, DMARC is an email validation method designed to detect and prevent email spoofing (it discourages people from using your domain without your permission). DMARC is more advanced however, in that it allows the sender to control what happens to email that does not pass DMARC.

How does DMARC work ?

DMARC builds on alignment of the From domain with SPF and DKIM authentication, on top it adds a reporting function between the emitters and receivers to improve and monitor protection of the domain from fraudulent email. DMARC in unique in that it lets the sender tell the receiver what to do if the DMARC does not pass – like “None” (no action), “Quarantine” (sends to junk) or “Reject” (block it). This removes some of the guesswork from the receiver’s handling of the failed messages, lowering or eliminating the user’s exposure to potentially fraudulent & harmful messages at the same time. DMARC  provides a way for the receiver to report back to the sender about messages that fail DMARC. Senders can now see a report of who is using their domain without permission. AOL and Yahoo were the first large email providers to apply DMARC policy of “Reject” back in April, 2014. Both of them modified their DMARC policy asking all mail services to reject email claiming to come from their domains.

What to do?

The best solution is to use your own domain name. If you don’t own your own domain, it’s time to do it. The best way to avoid being affected by changes like these in the future is by using your own domain when you send email, and is something we’ve always recommended. If people sign up at www.megastore22.com, the email should come from an email address that ends in @megastore22.com  (not an @Aol, @icloud or @yahoo address). With your own domain, you have full control. No more worrying about ISPs affecting your delivery by changing their DMARC policies.

Why Apple started doing this?

When mischievous people copy a brand, such as Apples in an attempt to get your personal details, it can trick people into thinking it is real. DMARC is one of the ways receivers can check to see if the sender is really who they say they are therefore, preventing scamming and fishing. Visit https://dmarcian.com/dmarc-what for more details on what DMARC is and what it does to identify the sender.

Are Gmail or Outlook going to do this as well?

While they both have DMARC records in place, Gmail and Hotmail (Outlook) are not set to block anyone just yet. Gmail said they would incorporate the “Reject” policy in 2016, but no change was made. While Yahoo, AOL and Apple may have been the first to take concrete action by changing their DMARC policies, it short time others will follow. Here is a current list of domains current deployed with a “p=reject” DMARC policy: yahoo.* ymail.com rocketmail.com aol.com adp.com aetna.com airbnb.com americanexpress.com aexp.com americangreetings.com applemusic.com box.com britishairways.com chase.com jpmchase.com citibank.com dhl.com evernote.com facebook.com fedex.com gap.com groupon.com instagram.com linkedin.com oldnavy.com paypal.com pinterest.com pch.com rollingstone.com squarespace.com twitter.com ups.com ftc.gov senate.gov usps.gov usaa.com wachovia.com wellsfargo.com whatsapp.com

How will this affect me?

I made a test in 2015 using our servers From a @Yahoo address and it was clear DMARC was present. I sent a bulk email  to over 600 test accounts all over the world and over 56% of the mail sent to the United States went missing (32.2% worldwide). The list of ISPs that were completely blocked were: Gmail Yahoo (worldwide) Hotmail/Outlook AOL ATT Rogers Bellsouth British Telecom Comcast CompuServe Netscape SBC Cantv.net I reapeted the experiment in 2018. The results were exactly the same with the difference that apple 3 domains were completely blocked.