DMARC is an email validation system that stops spammers from spoofing your domain or impersonating your organisation to send fake messages to your customers. Such messages are often used for malicious purposes and carry false information that can harm your organisation's reputation.
WHAT IS DMARC?
Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is a technical standard that aids in the protection of email senders and recipients against spam, spoofing, and phishing. DMARC enables an organisation to publish a policy (a TXT record at _dmarc.<domain>) that states its email authentication practices, tells receiving mail servers how to handle messages that fail them, and asks receivers to send reports back to the domain owner.
PURPOSE OF A DMARC REPORT
TOP 2 FUNCTIONS OF DMARC
Authenticates messages (DMARC alignment)
SPF and DKIM each authenticate a domain, but not necessarily the one the user sees. DMARC adds the alignment check: the domain in the message's From: header must match the domain that SPF validated (the envelope MAIL FROM domain) or the domain in the DKIM signature (the d= tag), either exactly (strict alignment) or at the organisational-domain level (relaxed alignment, the default). A message passes DMARC when at least one of SPF or DKIM both passes and is aligned. So, before configuring DMARC for your domain, you must have SPF and DKIM in place.
Manages messages that fail authentication (receiver policy)
If a message claiming to be from your domain passes neither aligned SPF nor aligned DKIM, DMARC tells the receiving server what to do with it.
- When receiving mail servers receive a message that appears to be from your organisation but fails authentication checks or does not meet the authentication requirements in your DMARC policy record, DMARC instructs them on what to do. Unauthenticated messages could be impersonating your organisation or coming from unauthorised servers.
- DMARC is always used in conjunction with the following two email authentication methods or checks:
- The Sender Policy Framework (SPF) allows the domain owner to authorise IP addresses that can send email for the domain.
- Receiving servers can verify that messages appearing to come from a specific domain are sent from servers allowed by the domain owner.
- DKIM (DomainKeys Identified Mail) adds a digital signature to every message sent. Receiving servers use the public key published in DNS for the signing domain to verify that the message is authentic and that the signed headers and body were not altered in transit.
ADVANTAGES OF DMARC:
- Gain visibility into your email channel to determine whether your domains are being used legitimately or fraudulently.
- Improve your email reputation and trustworthiness overall.
- Ensure legitimate email is delivered and fraudulent email is not.
- Receive alerts when changes to email infrastructure (a new sending service, a rotated DKIM key, an SPF record edit) may impact the delivery of legitimate messages.
- Identify the sources and forms of abuse so that you can proactively prevent attacks.
WHAT MAKES A DMARC REPORTING SERVICE RELIABLE?
- User-friendly overviews grouped by several values (sending source, authentication result, domain)
- Learn about phishing attacks targeting your domain.
- Unlimited users, domains and domain groups
- Receive daily/weekly reports
- Two-Factor Authentication
- A DNS timeline that lets you keep track of changes and updates to your SPF, DKIM and DMARC records.
- Create and check DMARC records
MODERN PHISHING PROBLEMS REQUIRE DMARC SOLUTIONS
- DMARC not only provides full visibility into who is sending mail as your domain, but its reports also expose phishing attempts that spoof it.
- DMARC mitigates the impact of phishing and malware campaigns that spoof your domain, prevents spoofing, protects against brand abuse and scams, and helps avoid business email compromise.
- Configuring DMARC correctly tells receiving mail servers how to evaluate messages claiming to be from your domain, and it is one of the most important steps you can take to improve deliverability.
THREE MAIN DMARC POLICIES:
- p=reject asks receivers to refuse email that fails the DMARC check. The message is rejected during the SMTP transaction rather than delivered, so the sending server receives a rejection stating the reason (and, if it is a legitimate server, typically generates a bounce to its own user).
- p=quarantine asks receivers to accept email that fails the DMARC check but treat it as suspicious. This is typically done by placing the message in the spam folder or tagging the subject line with a warning.
- p=none does not affect the flow of email; it is used, together with the reports, to monitor which messages pass or fail the DMARC check. While this policy helps you gauge how effective your current SPF and DKIM setup is and shape how you implement future email security rules, it does nothing to protect your domain.
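To make the alignment rules from the "TOP 2 FUNCTIONS" section and the three policies above concrete, here is an added worked example in Python (not code from the original page): it parses a published DMARC record, checks SPF and DKIM alignment in relaxed and strict mode, and returns the disposition a receiver would apply. It assumes a simplified organisational-domain rule (the last two labels) where real validators use the Public Suffix List, and it parses but does not apply pct= sampling; the record and the messages are constructed sample data.

```python
"""DMARC alignment and policy evaluation (added example, not from the page).

Assumptions: organisational domain = last two labels (real validators use
the Public Suffix List); pct= is parsed but sampling is not applied.
"""
from dataclasses import dataclass


def parse_dmarc_record(txt: str) -> dict:
    """Parse a _dmarc TXT record such as
    'v=DMARC1; p=reject; rua=mailto:dmarc@example.com' into a tag dict.
    Returns {} if it is not a usable DMARC record (wrong v= or bad p=)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return {}
    tags.setdefault("adkim", "r")      # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    tags.setdefault("sp", tags["p"])   # subdomains inherit p= unless sp= is set
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organisational domain: last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') needs the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)


@dataclass
class AuthResults:
    spf: str            # raw SPF result: "pass", "fail", "none", ...
    spf_domain: str     # RFC5321.MailFrom domain SPF was evaluated for
    dkim: str           # raw DKIM result: "pass", "fail", "none"
    dkim_domain: str    # d= of the signature that verified ("" if none)


def evaluate_dmarc(header_from: str, record: dict, auth: AuthResults):
    """Return (dmarc_result, disposition). The message passes if at least
    one of SPF or DKIM both passed AND is aligned with the From: domain;
    otherwise p= applies (sp= for a subdomain From: address)."""
    spf_ok = auth.spf == "pass" and aligned(header_from, auth.spf_domain, record["aspf"])
    dkim_ok = auth.dkim == "pass" and aligned(header_from, auth.dkim_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    is_subdomain = header_from.lower() != org_domain(header_from)
    return "fail", record["sp"] if is_subdomain else record["p"]


if __name__ == "__main__":
    # Constructed sample record and messages (not real data).
    rec = parse_dmarc_record(
        "v=DMARC1; p=quarantine; sp=reject; adkim=s; rua=mailto:dmarc-rua@example.com")
    cases = {
        "legit (SPF on bounce subdomain, relaxed aspf)": AuthResults("pass", "bounce.example.com", "pass", "example.com"),
        "forwarded (SPF breaks, DKIM survives)":         AuthResults("fail", "bounce.example.com", "pass", "example.com"),
        "spoof (attacker's own SPF passes, unaligned)":  AuthResults("pass", "attacker.invalid", "none", ""),
    }
    for name, auth in cases.items():
        print(f"{name}: {evaluate_dmarc('example.com', rec, auth)}")
    print("subdomain spoof:", evaluate_dmarc("hr.example.com", rec, AuthResults("fail", "x.invalid", "none", "")))
```

The "spoof" case is the one DMARC exists for: the attacker's server passes SPF for its own domain, but that domain is not aligned with the From: header, so the message fails DMARC and the published p= policy decides its fate. The "forwarded" case shows why DKIM matters: a forwarder breaks SPF, but an aligned DKIM signature still carries the message through.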
FREQUENTLY ASKED QUESTIONS
- Spoofing and Phishing.
If DMARC is implemented incorrectly, the policy will cause legitimate mail to be quarantined or rejected. It is important to start at the lowest level (none), use the reports to find every legitimate sending source that is not yet authenticated and aligned, and only move to the highest level (reject) once those issues are resolved.
- If you have domains that don't send mail but that customers regularly see (for example, a web domain that customers visit), it is best to configure DMARC so that no mail from that domain is accepted: publish a DMARC record of "v=DMARC1; p=reject" and an SPF record of "v=spf1 -all", and publish no DKIM keys, so nothing sent as that domain can authenticate. This matters because customers are likely to trust an email that appears to come from a website they visit regularly.
Tools such as DMARCian and onDMARC can provide a comprehensive breakdown of what has happened in each report.
It is recommended that you set up a dedicated mailbox for the report addresses you publish in the rua= (aggregate) and ruf= (failure) tags of the DMARC record. This keeps your main inbox from becoming cluttered and makes it easier to feed the reports into DMARC analytics services.
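Aggregate reports arrive as XML attachments, and the tools mentioned above essentially parse and summarise them. Here is an added Python example (not code from the original page or from any of those vendors) that parses a report in the RFC 7489 aggregate-report schema and separates authenticated sending sources from sources that fail DMARC. The report XML is constructed sample data using documentation IP ranges; the organisation name, report ID and counts are invented.

```python
"""Parse a DMARC aggregate (rua) report and summarise sending sources.
Added example; the report below is constructed sample data."""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """
<feedback>
  <report_metadata>
    <org_name>mailreceiver.example</org_name>
    <report_id>constructed-report-1</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim><aspf>r</aspf>
    <p>none</p><sp>none</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>bounce.example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>attacker.invalid</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text: str):
    """Return (policy_published dict, list of per-source rows).
    policy_evaluated/dkim and /spf hold the *aligned* DMARC results;
    auth_results holds the raw SPF/DKIM results and the domains checked."""
    root = ET.fromstring(xml_text)
    published = {child.tag: child.text for child in root.find("policy_published")}
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": evaluated.findtext("disposition"),
            "dmarc_dkim": evaluated.findtext("dkim"),
            "dmarc_spf": evaluated.findtext("spf"),
            "header_from": rec.findtext("identifiers/header_from"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "spf_result": rec.findtext("auth_results/spf/result"),
            "dkim_domain": rec.findtext("auth_results/dkim/domain"),
        })
    return published, rows


def summarize(rows):
    """Return (messages passing DMARC, messages failing, failing source IPs)."""
    passing = [r for r in rows if r["dmarc_dkim"] == "pass" or r["dmarc_spf"] == "pass"]
    failing = [r for r in rows if r not in passing]
    return (sum(r["count"] for r in passing),
            sum(r["count"] for r in failing),
            [r["source_ip"] for r in failing])


def unaligned_spf_sources(rows):
    """Sources whose raw SPF passed for some other domain but failed DMARC
    alignment: either a spoofer using its own SPF, or a third-party sender
    that was never set up to align with your domain."""
    return [r["source_ip"] for r in rows
            if r["spf_result"] == "pass" and r["dmarc_spf"] != "pass"]


if __name__ == "__main__":
    published, rows = parse_aggregate_report(SAMPLE_REPORT)
    print("policy published:", published)
    print("pass/fail/failing IPs:", summarize(rows))
    print("unaligned SPF passes:", unaligned_spf_sources(rows))
```

Reading the second record is the whole point of the reports: the raw SPF result is "pass", because the sending host is allowed to send for attacker.invalid, yet the aligned result is "fail" because that domain does not match the From: header. While the published policy is p=none the disposition stays "none", which is exactly why a domain at p=none is still spoofable until it moves to quarantine or reject.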