DMARC is an email authentication protocol that helps protect organizations and their email recipients from fraudulent emails. Since its initial introduction in 2012, DMARC has become a fundamental domain security tool and a global email authentication standard. It works by utilizing two protocols, SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) to determine the authenticity of a message.
What Does DMARC Stand For?
DMARC stands for “Domain-based Message Authentication, Reporting, and Conformance.” DMARC builds on two existing email authentication protocols, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), to provide an extra layer of defense.
Let’s discuss the importance of DMARC, how DMARC works, what DMARC records and DMARC policies are, and the benefits of DMARC.
What Does DMARC do and Why is it Important?
DMARC ensures that only authorized senders can use your domain by verifying SPF and DKIM authentication for outgoing messages. When considering what does DMARC do, its primary role is to safeguard your organization’s reputation and protect clients and partners from fraudulent emails that appear to come from your email address. DMARC is crucial for defending your domain against phishing and spoofing attacks. Additionally, DMARC reports offer insights into how your domain is being used and help you detect unauthorized activities before they become serious threats.
How Does DMARC Work?
DMARC works by verifying the authenticity of emails using SPF and DKIM. SPF allows a domain owner to specify which email servers are authorized to send mails on behalf of their domain, while DKIM allows the sender to add a digital signature to their messages, providing a means for the recipient to verify the mail’s authenticity.
If the email fails either SPF or DKIM alignment, DMARC applies the policy you’ve set. DMARC allows email domain owners to publish policies in their Domain Name System or DNS records specifying how email receivers should handle messages that claim to be from their domain or email address.
What is DMARC in Email and a DMARC Policy?
There are three main DMARC policies that a domain owner can specify:
None (p=none)
This policy is used for monitoring purposes. With this policy, email receivers do not take specific action based on the DMARC results. Both legitimate emails and malicious emails land in your inbox. The domain owner receives reports about the authentication status of mails claiming to be from their domain. This allows them to assess the impact of implementing DMARC without impacting the delivery of messages.
Quarantine (p=quarantine)
With this policy, if an incoming mail fails DMARC authentication, the email receiver is instructed to treat it with suspicion and may choose to move it to the recipient’s spam folder or junk folder. The message is not outright rejected, but it is flagged as potentially suspicious.
Reject (p=reject)
Reject is the strictest DMARC policy. If an incoming message fails DMARC authentication, the email receiver is instructed to reject it outright, preventing the mail from reaching the recipient’s inbox. This policy provides the highest level of protection against email spoofing and phishing.
Organizations are advised to start with a “p=none” policy for monitoring, analyze their mail activity and then gradually move to a more restrictive policy like “p=quarantine” or “p=reject”.
Here’s an illustration showing how DMARC works:
What is a DMARC Record?
A DMARC record is a TXT entry in a domain’s DNS that specifies how email servers should handle messages that fail authentication checks. It works in conjunction with SPF and DKIM to help prevent email spoofing and phishing. By implementing a DMARC record, domain owners can define policies that instruct receiving mail servers to accept, quarantine, or reject emails that do not pass authentication.
Additionally, DMARC records enable domain owners to receive detailed reports on email authentication activity. These reports provide insights into which sources are sending mail on behalf of the domain and whether they pass authentication checks. This visibility helps businesses detect unauthorized email use and strengthen their overall security posture.
The Structure of DMARC Records
The structure of DMARC records includes several key components or tags specifying how to handle messages claiming to be from the organization’s domain.
| Tag Name | Purpose | Sample |
| v | Protocol version | v=DMARC1 |
| p | Policy for organizational domain | p=quarantine |
| pct | Percentage of messages subjected to filtering | pct=20 |
| rua | Reporting URI of aggregate reports | rua=mailto:[email protected] |
| ruf | Reporting URI for forensic reports | ruf=mailto:[email protected] |
| adkim | Alignment mode for DKIM | adkim=s |
| aspf | Alignment mode for SPF | aspf=r |
| sp | Policy for subdomains | sp=reject |
Here’s an example of a simple DMARC TXT record:
“v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=90; adkim=s; aspf=r”
In this example, the organization has implemented DMARC with the most robust policy of “p=reject,” requests aggregate reports to be sent to “[email protected],” forensic reports to “[email protected],” allows for 90% flexibility in applying the policy, and uses strict DKIM and SPF alignment.
If you’re struggling to write DMARC TXT accurately, check out our free DMARC lookup tool.
What is DMARC in Email?
Think of DMARC as email insurance – it helps protect your email from an array of online attacks and threats. Take a look at some of the benefits of DMARC in email:
Phishing and spoofing prevention: DMARC helps prevent phishing attacks by allowing email recipients to verify that the sender is legitimate and hasn’t been spoofed.
Increased email deliverability: DMARC can positively impact mail deliverability by clearly indicating to email providers that your messages are legitimate.
Brand protection: DMARC helps safeguard your brand’s reputation by reducing the risk of attackers using your domain to send fraudulent mails.
Reporting and visibility: DMARC generates reports that provide insights into email traffic, which allows you to monitor and fine-tune your email security policies.
Regulatory compliance: DMARC adoption aligns with certain regulatory requirements and industry standards related to email security, contributing to overall compliance efforts.
Improved customer trust: By securing your email communication, you can enhance customer trust and confidence in your online communications.
Your DMARC Journey Made Simple
Implementing DMARC requires careful configuration and ongoing monitoring, but the benefits in email security and trustworthiness are substantial. While DMARC implementation requires technical expertise, EasyDMARC has designed various tools to make your DMARC journey a breeze. We provide comprehensive guidance and walk you through every stage of email authentication to ensure you have the knowledge and tools necessary for smooth compliance.
If you’re ready to start protecting your company and meeting your compliance goals, get in touch with us today.
Frequently Asked Questions
The three main concepts involved in DMARC are policy (defines the action a receiving mail server should take when an email fails authentication), alignment (used to match the domain in the From header with the domains used in SPF and DKIM) and reporting (allowing domain owners to receive aggregate and forensic reports on authentication performance).
DMARC is designed to protect against domain spoofing, an attack in which an email is sent by an unauthorized sender (who will sometimes pretend to be a legitimate entity), to help protect users against cyber threats that can put their personal or professional data at risk.
Implementing DMARC helps protect individuals and companies from unauthorized users or third parties trying to send emails on their behalf.
We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.
You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us