Frequently Asked Questions

Our mission is to elevate your DMARC policy to "quarantine" or "reject" for your domain and all its subdomains. We are dedicated to achieving this for every domain we work with, ensuring maximum email security and trust.

Explore our case study to see how we helped one of our early clients transform their email domain policy and enhance their security.

At RefineEmail, our focus is on doing the work for you—not just educating you about the complexities of SPF, DKIM, and DMARC. While it's helpful to understand these concepts at a high level, we ensure you never have to worry about managing your subdomain's DMARC policy.

You can either trust us to update your domain records directly, or we can work with you to make the changes together. In either case, we back that trust with clear metrics and tangible results, demonstrating how our efforts improve the success of your email communications.

According to the U.S. Cybersecurity and Infrastructure Security Agency, over 90% of successful cyberattacks start with phishing emails. Researchers have highlighted that AI is particularly effective in creating business email compromise scams - a type of malware - free phishing where attackers deceive recipients into transferring funds or disclosing sensitive company information.

By securing your company's domain, you protect your online presence, preserve your brand reputation, and reduce the risks posed by cyber threats.

Starting February 2024, Google and Yahoo Mail have strengthened their email security policies. If your business sends 5,000 or more emails per day to these providers, your domain must have a valid DMARC policy published in your DNS. This means that emails sent from your domain, including those sent by third-party services like Mailchimp or Constant Contact, must pass DMARC authentication checks. Otherwise, these emails may be blocked or sent to spam folders.

SPF (Sender Policy Framework) is the foundational layer of email security. It allows you to specify which servers or services are authorized to send emails on behalf of your domain. Think of SPF as a list of approved mail carriers for your business. It tells receiving email servers, "These are the services allowed to deliver emails from us." Just like checking a package's return address to verify its sender, email servers use SPF to confirm that an email truly came from your domain — not from a scammer.

DKIM (DomainKey Identified Mail) is like adding a digital seal to your emails. It applies a unique cryptographic signature that verifies the message hasn't been altered during transit. Imagine receiving a package with a tamper-proof seal - if the seal is intact, you know the contents are authentic and untouched. DKIM works the same way to ensure your emails remain trustworthy.

DMARC (Domain-based Message Authentication Reporting and Conformance) ties everything together. It lets you publish a policy instructing email servers on what to do if an email fails SPF or DKIM checks. It’s like having a security guard at the door who checks both the sender's credentials (SPF) and the integrity of the package (DKIM) before letting it in. DMARC also provides reporting so you can see who's trying to send emails from your domain — whether authorized or not.

With DMARC, domain owners can publish a policy that instructs receiving email servers on how to handle messages from their domain. There are three DMARC policies you can implement, each providing a different level of protection:

• Monitor (p=none): This policy allows unqualified emails to be delivered to the recipient's inbox or other folders. Think of it as leaving your front door open with no security guard — anyone can walk in.
• Quarantine (p=quarantine): Unqualified emails are directed to the recipient's junk or spam folder. It's like putting a screen door on your entrance with a security guard keeping an eye on who comes through.
• Reject (p=reject): The strictest policy, this blocks unqualified emails from reaching the recipient. It's like locking your front door — only those with the right key can get in.

When emails fail both SPF and DKIM checks, it means neither authentication method can confirm the email's legitimacy. Imagine expecting a package, but it arrives from an unknown sender with a broken seal — it raises suspicion.

DMARC policies, such as "quarantine" or "reject," dictate what happens to these unqualified emails. By implementing and enforcing DMARC, you can drastically reduce the chances of unauthorized emails reaching your recipients, enhancing your email security and safeguarding your brand reputation.

The security methods we offer are for emails sent "from" your domain name, not emails that come "to" your domain. These methods don't stop spam, viruses, or phishing emails that are sent to your organization. It's important for employees to learn how to spot and avoid phishing attempts, like suspicious emails, links, and attachments.

By combining strong security for your domain with training for your team, you can better protect your inbox and organization from harmful emails.

Our goal is to stop bad actors from sending emails pretending to be from your domain. We do this by making sure the person receiving your email has enough information to know if it's real or not. This helps them decide whether the email is likely to be fraudulent or spam.