How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC
Originally published at How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC by Sona Mirzoyan.
Why Your SOC is Blind to Your Biggest Attack Surface (And How to Fix It)
Originally published at How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC by Sona Mirzoyan.
About the Customer
Company: SmugMug
Industry: Image Hosting & Online Media Platforms
Products: Paid photo and video hosting, digital and print media sales
SmugMug is a leading paid image sharing and hosting platform that enables amateur and professional photographers to upload, store, and sell photos and videos.In 2018, SmugMug acquired Flickr, further expanding its global user base. Email is crucial for SmugMug’s daily operations, supporting account management, billing, and security communications.
The Challenge: Limited Visibility and Increased Deliverability Risk
Before implementing EasyDMARC, SmugMug lacked a clear view of consistent inbox placement. While delivery issues were not widespread, occasional reports of missing renewal or account-related emails highlighted risks that could not be ignored at scale.
Shane Meyers, Senior Staff Operations Engineer at SmugMug, explained that the biggest challenge the team faced was the lack of visibility and tooling needed to clearly assess performance or clearly authenticate emails with major mailbox providers.
As Shane noted,
“We didn’t have good visibility into what was happening, and we didn’t have the right tools set up to give receiving systems confidence that our messages were legitimate and should go to the inbox.”
At the same time, large mailbox providers such as Google and Yahoo began enforcing stricter DMARC requirements for high-volume senders. As a large sender of transactional, marketing, and security emails, SmugMug recognized the risk of legitimate emails being routed to spam if proper authentication and enforcement were not in place.
The primary objective was clear: ensure maximum inbox placement for legitimate email and meet the authentication expectations of major receiving systems.
The Solution: Centralized DMARC Management and Simplified SPF Control
SmugMug selected EasyDMARC to act as the authoritative source for DMARC record management. This allowed the team to control DMARC policy values directly through an intuitive web interface rather than manually editing DNS records.
DMARC configuration can be complex, relying on multiple single-letter tags where even minor errors can cause unintended behavior. EasyDMARC’s interface provided clear documentation and visibility into how each setting functioned, enabling informed configuration changes without unnecessary risk.
In addition to DMARC management, EasyDMARC’s EasySPF feature addressed a long-standing challenge. SmugMug’s SPF records had grown complex, at times exceeding the SPF lookup limit and causing delivery issues. EasySPF flattened these records, reduced DNS lookup overhead, and allowed the team to enable or disable sending sources safely through the dashboard, without the risk of misconfiguring DNS manually.
Onboarding and DMARC Enforcement
The onboarding process was structured and efficient. EasyDMARC’s team guided SmugMug through initial setup, DNS updates, and record alignment, ensuring a smooth transition to centralized management.
SmugMug began with DMARC monitoring, collecting aggregate reports to establish a baseline view of their email ecosystem. Enforcement was then gradually introduced, increasing DMARC policy strength by approximately 10% per day until reaching full enforcement over a two-week period.
Throughout this process, EasyDMARC automatically collected and analyzed aggregate reports, providing continuous insight into legitimate and illegitimate email activity. This ensured that properly authenticated emails were delivered while unauthorized messages were filtered or rejected.
The Results: Improved Deliverability and Stronger Email Security
After implementing EasyDMARC, SmugMug observed clear improvements in inbox placement, with a higher percentage of legitimate emails reaching users’ inboxes.
“Deliverability has gone up, and we’re seeing more of our emails land in users’ inboxes than before we started this project,” Shane shared.
At the same time, illegitimate emails attempting to impersonate SmugMug domains were increasingly routed to spam or rejected outright. This significantly reduced the risk of domain abuse and improved overall email trust.
Critical communications, such as security alerts and account updates, also performed more reliably. Observability metrics confirmed that these messages were consistently delivered to the intended destination rather than being filtered or lost among spam.
Ongoing Value and Partnership
For the SmugMug team, the greatest value EasyDMARC provides is observability and confidence. Weekly visibility into email authentication health allows the team to quickly identify where systems are performing well and where adjustments are needed—without stress or guesswork.
Shane emphasized the importance of EasyDMARC’s expertise throughout the journey, noting that the team’s guidance during implementation ensured long-term success and a clear understanding of SmugMug’s email posture.
With EasyDMARC in place, SmugMug now operates with stronger deliverability, enforced authentication, and a resilient foundation for protecting its users and brand.
The post How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC appeared first on EasyDMARC.
*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Sona Mirzoyan. Read the original post at: https://easydmarc.com/blog/how-smugmug-strengthened-email-authentication-and-deliverability-with-easydmarc/
About Author
