3 Reasons why DMARC – and BIMI – are essential for all marketers in retail

At Red Sift, we talk a lot about how our mission is to democratize the technology essential for cybersecurity. In short, make it accessible for everyone. And there’s a specific reason for this, namely that the problems which arise from incorrect email security configuration don’t just impact IT departments, they impact entire businesses. 

We recently published a brand new report evaluating email security in the retail sector. Email is an essential tool that the retail industry uses daily, both to prospect to new customers and to communicate with existing ones. But right now, 90% of global retailers aren’t correctly DMARC configured, meaning they are open and vulnerable to email fraud. 

So, while many retail marketers are pumping precious time and resource into their email campaigns, incorrect DMARC setup could be scuppering their efforts. At best your outbound emails could be going straight into spam, and at worst hackers could be impersonating your brand to bombard your customers with fake emails and phishing scams. 

In this blog post, we’ve compiled 3 reasons why correct DMARC setup should be a priority for all marketers in retail.

But first: what is DMARC?

DMARC is an email authentication protocol that protects domains from exact domain impersonation. When properly configured, DMARC uses existing protocols DKIM and SPF to ensure that emails sent using your domain are legitimate, preventing hackers from impersonating your brand and damaging your reputation. Correct DMARC configuration can also improve email deliverability rate, as receiving senders can see that your emails have come from a reputable source. The setup and configuration of your DMARC policy can seem daunting at first, but it really doesn’t need to be – that’s where OnDMARC comes in.

1. You may not know it yet, but your reputation relies on it

In retail, reputation is everything. We found that 67% of people trust a company less after a data breach, and 22% won’t use a company again if they are hacked. It’s clear that a business’s brand equity is intrinsically linked with how customers view their integrity, and it’s key that this is upheld at all times.

But while retailers tend to focus on online reviews, customer service, and quality of goods as key indicators of their trustworthiness, they overlook some key infrastructure issues that are putting them at risk every day – namely their email security setup and DMARC configuration. 

Retail businesses are in constant communication with customers via email, and more often than not these retail databases house highly sensitive information like email addresses, phone numbers, and credit card details. It’s difficult to imagine an industry more vulnerable to the effects of cybercrime, and even harder to understand why only 10% of retail businesses have implemented a secure DMARC policy so far. 

If you’re a marketing professional in retail, getting your organization’s DMARC policy properly configured to p=reject is vital, because it means that your company’s brand is protected against impersonation, and your customers are better safeguarded against phishing emails and cyber attacks. 

67% of people trust a company less after data breach

2. Deliverability can depend on DMARC

DMARC configuration plays a major role in the deliverability rate of all emails. Currently, around 80% of consumer inboxes are fully DMARC configured, and global DMARC records have jumped up by over 2 million in the last 3 years. More and more domains are putting the right email security in place, meaning that now a whopping 1 in 6 emails don’t even get delivered.

Whether you’re sending out promotional or transactional emails to customers, if they aren’t coming from a DMARC configured domain, they may end up dumped in spam or even blocked – really not an ideal scenario for any marketer.

As a sector that relies so heavily on email, it’s more important than ever that retail businesses catch up and correctly configure their DMARC policies. Once this is done, they can expect to see more ROI and stop email marketing efforts from going to waste.

email deliverability and DMARC

3. BIMI for brand impressions and much more

BIMI stands for Brand Indicators for Message Identification. This new standard allows businesses to show their registered logo on their emails using a Verified Mark Certificate (VMC). Essentially, this combines the deliverability and anti-spoofing benefits of DMARC.

BIMI has a number of benefits. For a start, it increases your brand impressions, as more people are seeing your trademarked logo in the inbox, instead of a blank avatar. It’s also been proven to have a positive impact on how consumers interact with emails. We found that showing a logo on an email can increase open rates by as much as 39%, buying behavior by 32%, and brand recall by as much as 120%.

Trust is a key component of any consumer relationship. While BIMI isn’t a security protocol itself, the appearance of a registered logo in an email using a VMC tells the recipient that the sender is DMARC compliant, meaning the email can be trusted. We found that showing a verified logo on an email increases consumer confidence in that email by 84%.

This might seem like a relatively simple concept, but the use of BIMI is rapidly increasing, and businesses that hold back are risking missing out on the benefits. You can check if your domain is BIMI ready and find out more about our end-to-end BIMI solution here.

BIMI increases brand impressions

Find out more

Ultimately, DMARC is a necessary layer of security that safeguards your brand, your customers, your deliverability, and your marketing efforts. To find out more about retail’s threats and opportunities in the current email landscape, plus the business benefits of DMARC and BIMI, download our latest report below.

download the whitepaper red sift


Sabrina Evans

8 Oct. 2021



Recent Posts


Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more

Red Sift ASM & Red Sift Certificates: the missing link in your…

Billy McDiarmid

According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having…

Read more

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more