What Is DMARC?

What Is DMARC?

The Domain Based Message Authentication Reporting (DMARC) security email protocol leverages DNS and uses the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) open protocols to verify email senders.

If a DMARC record check detects a misalignment between an email sender and the address as it appears to the recipient of the email, DMARC activates an administered protocol that tells the receiving server to accept the message, quarantine it, or reject it based on policy the sender defines.

As part of the validation process, DMARC gives the sender reports on who is attempting to use their domain to send messages. This visibility allows the sender to fine-tune their policy as new threats emerge. In this way, DMARC helps companies establish brand trust by reducing the threat of nonvalidated or fraudulent email.

Why DMARC?

Email was introduced as a way of sharing information between two known senders through an open network. It was typically from one trusted institution directly to another, so authentication didn’t seem necessary.

Today, email is open to vulnerability. Attackers impersonate both senders and domains to launch attacks such as spam and phishing that compromise business email. Successful breaches create some of the most serious and time-consuming challenges for IT security. But worse, they result in a loss of trust in email.

For years, the most common standards to defend networks against these attacks were SPF and DKIM. Both helped servers identify the validity of a sender, but they did not allow the sender to define what would happen if the sender was not found to be valid, which prevented domain owners from controlling the use of their brand. 

How do you deploy DMARC in your DNS?

Start by going into your DNS record and configuring your DKIM signing entity and SPF record for the IP addresses that have permission to email on your behalf.

Next, define your DMARC policy with a “monitor” action. Then simply review your DMARC reports to see who is passing the SPF, DKIM, and DMARC standards. Once you know who the approved senders are, you can bring them into compliance.

Periodically perform a comprehensive analysis of the messages to your receivers that are failing their DMARC authentication, and set a policy to quarantine or reject them.