Recently Apple announced they are switching their DMARC domain policy from “p=none” to “p=quarantine” on the following domains:
- com
- com
- com
What does it imply?
It means you will see delivery issues if you send mail from addresses in these domains through servers outside Apple’s network.
Al Iverson of Spam Resource states that: “If you have an email address in these domains, your ability to send outbound mail using an email service provider or other, non-Apple email platform to send mail, deliverability won’t look so good. Mail may not be blocked outright (Apple didn’t move to “p=reject”) but moving to “p=quarantine” means it’s much more likely that your mail could end up in the spam folder.”
What does DMARC stand for?
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. In the same way as SPF & DKIM, DMARC is an email validation method designed to detect and prevent email spoofing (it discourages people from using your domain without your permission). DMARC is more advanced however, in that it allows the sender to control what happens to email that does not pass DMARC.
How does DMARC work?
DMARC builds on alignment of the From domain with SPF and DKIM authentication. On top of that, it adds a reporting function between senders and receivers to monitor and improve protection of the domain from fraudulent email.
DMARC is unique in that it lets the sender tell the receiver what to do if DMARC does not pass: “None” (no action), “Quarantine” (send to junk) or “Reject” (block it). This removes some of the guesswork from the receiver’s handling of failed messages, while lowering or eliminating the user’s exposure to potentially fraudulent and harmful messages. DMARC also provides a way for the receiver to report back to the sender about messages that fail DMARC, so senders can see a report of who is using their domain without permission.
AOL and Yahoo were the first large email providers to apply DMARC policy of “Reject” back in April, 2014. Both of them modified their DMARC policy asking all mail services to reject email claiming to come from their domains.
What to do?
The best solution is to use your own domain name. If you don’t have your own domain, it’s time to get one. The best way to avoid being affected by changes like these in the future is to use your own domain when you send email, and it is something we’ve always recommended.
If people sign up at www.megastore22.com, the email should come from an email address that ends in @megastore22.com (not an @Aol, @icloud or @yahoo address).
With your own domain, you have full control. No more worrying about ISPs affecting your delivery by changing their DMARC policies.
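The alignment check described under “How does DMARC work?” and the own-domain advice above can be seen side by side in the following added example (not code from the original article). It assumes the placeholder domains mailbox-provider.example and esp.example, and it simplifies relaxed alignment to an equal-or-subdomain test, whereas real receivers compare organizational domains using the Public Suffix List.

```python
# Added example: simplified DMARC evaluation using the RFC 7489 tags v, p, aspf, adkim.
# mailbox-provider.example and esp.example are constructed placeholder domains.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def aligned(from_domain, auth_domain, mode="r"):
    """Strict ('s') needs an exact match; relaxed ('r') is simplified here
    to equal-or-subdomain (assumption: no Public Suffix List lookup)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def evaluate(from_domain, record, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, requested_action). DMARC passes when SPF or DKIM
    both passes and is aligned with the From domain; on a pass no DMARC
    action is requested, otherwise the domain owner's p= policy applies."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    passed = spf_ok or dkim_ok
    return passed, ("none" if passed else tags["p"])

QUARANTINE = "v=DMARC1; p=quarantine; rua=mailto:reports@mailbox-provider.example"

def demo():
    """Constructed cases: the same third-party sender, different From domains."""
    esp = dict(spf_result="pass", spf_domain="bounce.esp.example",
               dkim_result="pass", dkim_domain="esp.example")
    return {
        # SPF and DKIM pass, but only for the ESP's domains: no alignment.
        "freemail_via_esp": evaluate("mailbox-provider.example", QUARANTINE, **esp),
        "freemail_p_none": evaluate("mailbox-provider.example", "v=DMARC1; p=none", **esp),
        # Own domain, DKIM-signed with d=megastore22.com: aligned, DMARC passes.
        "own_domain": evaluate("megastore22.com", "v=DMARC1; p=reject",
                               "pass", "bounce.esp.example", "pass", "megastore22.com"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The first two cases fail DMARC identically; only the published policy changes what the receiver is asked to do, which is why a move from “p=none” to “p=quarantine” affects mail that was already unaligned.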
Why did Apple start doing this?
When mischievous people copy a brand, such as Apple’s, in an attempt to get your personal details, they can trick people into thinking the message is real. DMARC is one of the ways receivers can check whether the sender is really who they say they are, which helps prevent scamming and phishing.
Visit https://dmarcian.com/dmarc-what for more details on what DMARC is and what it does to identify the sender.
Are Gmail or Outlook going to do this as well?
While they both have DMARC records in place, Gmail and Hotmail (Outlook) are not set to block anyone just yet. Gmail said they would incorporate the “Reject” policy in 2016, but no change was made. While Yahoo, AOL and Apple may have been the first to take concrete action by changing their DMARC policies, in a short time others will follow. Here is a current list of domains currently deployed with a “p=reject” DMARC policy:
yahoo.*
ymail.com
rocketmail.com
aol.com
adp.com
aetna.com
airbnb.com
americanexpress.com
aexp.com
americangreetings.com
applemusic.com
box.com
britishairways.com
chase.com
jpmchase.com
citibank.com
dhl.com
evernote.com
facebook.com
fedex.com
gap.com
groupon.com
instagram.com
linkedin.com
oldnavy.com
paypal.com
pinterest.com
pch.com
rollingstone.com
squarespace.com
twitter.com
ups.com
ftc.gov
senate.gov
usps.gov
usaa.com
wachovia.com
wellsfargo.com
whatsapp.com
How will this affect me?
I made a test in 2015 using our servers from a @Yahoo address and it was clear DMARC was present. I sent a bulk email to over 600 test accounts all over the world and over 56% of the mail sent to the United States went missing (32.2% worldwide).
The ISPs that were completely blocked were:
Gmail
Yahoo (worldwide)
Hotmail/Outlook
AOL
ATT
Rogers
Bellsouth
British Telecom
Comcast
CompuServe
Netscape
SBC
Cantv.net
I repeated the experiment in 2018. The results were exactly the same, with the difference that Apple’s 3 domains were completely blocked.