Something has been quietly happening to nonprofit email programs over the past two years, and most organizations have no idea it’s occurring. Open rates are down. Click-throughs are soft. Leadership is frustrated. The email team is demoralized. And everyone assumes the list has gone stale or the subject lines aren’t punchy enough.
Sometimes that’s true. But increasingly, the culprit is something most nonprofit communicators have never heard of: DMARC.
DMARC — Domain-based Message Authentication, Reporting, and Conformance, if you want the full mouthful — is an email authentication protocol. It’s been around for years, but in late 2025, Gmail and other major providers began strictly enforcing it for bulk senders. The short version: if your organization doesn’t have DMARC properly configured alongside two related DNS records (SPF and DKIM), your emails are now being quietly routed to spam folders or rejected entirely. No error messages. No alerts. Just a slow, invisible erosion of deliverability.
Roughly 19% of nonprofits still don’t have a DMARC record in place. That’s not a small number. And many of the organizations that do have one have it misconfigured, which can be just as bad. Rkdgroup
Here’s what makes this particularly insidious: nothing obviously breaks. Your email platform still shows the send as successful. Your open rate just looks a little worse than last quarter, which you chalk up to list fatigue or the news cycle or whatever story is easiest to tell. Meanwhile, a meaningful percentage of your subscribers — donors, advocates, program participants — simply never see your messages.
I’ve spent a good part of my career telling organizations that email is their most reliable owned channel. I still believe that. But “owned” only means something if your messages actually arrive. A social media algorithm can bury your post. A DNS misconfiguration can bury your entire email program, and you won’t even know it’s happening.
The fix isn’t glamorous. It requires someone with access to your domain’s DNS settings, a conversation with your IT team or web host, and probably an hour with your email service provider’s documentation. For smaller organizations without in-house technical staff, it may mean a short engagement with a consultant. None of this is expensive. All of it is overdue.
A few things worth checking right now:
- Ask your IT contact or web host whether SPF, DKIM, and DMARC records are configured for your sending domain. If they look at you blankly, that’s your answer.
- Use a free tool like MXToolbox or mail-tester.com to run a quick diagnostic on your domain. It takes five minutes and will tell you exactly what’s missing.
- If you use an email service provider like Mailchimp, Constant Contact, or Salesforce Marketing Cloud, check their help documentation — most have step-by-step guides for setting up authentication.
The broader point here isn’t really about DNS. It’s about the growing gap between what nonprofit communicators are expected to produce and the operational infrastructure that supports the work. Only 5% of nonprofit communicators say their role is well understood by the rest of their organization. Technical requirements like email authentication fall squarely into that gap — important enough to matter, arcane enough that nobody claims ownership of them. Nonprofitmarketingguide
Your email program didn’t suddenly stop working. The margin for error just disappeared. And in an environment where every touchpoint with donors and supporters counts, that’s not a problem you can afford to ignore.