What is DMARC?

Implemented in 2012, DMARC stands for Domain-based Message Authentication, Reporting & Conformance. DMARC is an email authentication protocol that leverages the widely used SPF and DKIM protocols to improve a sender’s understanding of how their email in circulation is processed.

Ensuring email delivery is critical for every business. DMARC is designed to give email domain owners the ability to protect their email domain from unauthorised use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities. DMARC is used to reduce spam and fraudulent email by giving senders information on what recipients see. Email claiming to be from the domain is analysed by receiving organisations, and a digest report of acceptances and failures is returned to the sender.

How is DMARC set up?

DMARC uses DNS to publish information on how an email from a domain should be handled. Because it uses DNS, anyone can publicly access your DMARC record to see how to process email that is purportedly from your domain. This also makes it simple to deploy, as it only requires a DMARC (TXT) record.

This is an example DMARC record from Google.com: “v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:mailauth-reports@google.com;”

The example above is a simple DMARC record for Google.com. It instructs recipients to reject email that comes from Google.com that doesn’t pass DKIM and SPF checks, and tells them where to send feedback about rejected emails.

The example above is a more complex DMARC record used by Outlook.com.

How is it used?

DMARC is used in conjunction with SPF and DKIM. Essentially, a sender’s DMARC record tells a recipient what to do with suspicious email purporting to come from that sender. Does it have a proper DKIM signature (and should it)? Does it match authorised senders in the DNS SPF record? Should I pass it on, quarantine it or send it back? Finally, is there an email address to which I can forward information about suspicious emails so that the sender is aware of the problem? DMARC records contain all of these policy decisions.
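To make those policy decisions concrete, here is an added Python example (not code from the original article) that parses a DMARC record and works out what a receiver should do with one message. It goes slightly beyond the text by applying the RFC 7489 defaults for sp and pct. The record and report address are constructed for example.com, the function names parse_dmarc and disposition are hypothetical, and the SPF and DKIM results are assumed to be already evaluated and aligned with the From domain.

```python
import random

POLICIES = ("none", "quarantine", "reject")
# Constructed sample record for example.com, using the same tags as the article's example.
SAMPLE = "v=DMARC1; p=reject; sp=quarantine; pct=100; rua=mailto:dmarc-reports@example.com;"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict, filling defaults for sp and pct."""
    pairs = [part.split("=", 1) for part in txt.split(";") if "=" in part]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("v=DMARC1 must be the first tag")
    rec = dict(tags)
    if rec.get("p") not in POLICIES:
        raise ValueError("p must be none, quarantine or reject")
    rec["sp"] = rec.get("sp", rec["p"])      # subdomain policy falls back to p
    if rec["sp"] not in POLICIES:
        raise ValueError("sp must be none, quarantine or reject")
    rec["pct"] = int(rec.get("pct", 100))    # share of failing mail the policy covers
    if not 0 <= rec["pct"] <= 100:
        raise ValueError("pct must be between 0 and 100")
    # rua may list several report addresses separated by commas
    rec["rua"] = [u.strip() for u in rec.get("rua", "").split(",") if u.strip()]
    return rec

def disposition(rec, spf_aligned, dkim_aligned, subdomain=False, roll=None):
    """Return 'deliver', 'quarantine' or 'reject' for one message."""
    if spf_aligned or dkim_aligned:
        return "deliver"      # one aligned pass is enough for DMARC to pass
    policy = rec["sp"] if subdomain else rec["p"]
    if policy == "none":
        return "deliver"      # monitor only; the failure still appears in rua reports
    # pct < 100: failing mail outside the sampled share gets the next weaker policy
    roll = random.randrange(100) if roll is None else roll
    if roll >= rec["pct"]:
        return "quarantine" if policy == "reject" else "deliver"
    return policy

if __name__ == "__main__":
    rec = parse_dmarc(SAMPLE)
    print("reports go to:", rec["rua"])
    for spf, dkim, sub in [(True, False, False), (False, False, False), (False, False, True)]:
        print(spf, dkim, sub, "->", disposition(rec, spf, dkim, sub))
```

The roll parameter exists only to make the pct sampling deterministic when testing; a receiver would leave it unset.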

Why do I need DMARC?

DMARC helps you in the fight against malicious email practices that put your business in danger.  Whether you are engaged in e-commerce or off-line sales, your business uses email as a primary means of communication with employees, customers and suppliers.  Unsecured email is easy to spoof and increasingly sophisticated criminals are finding lucrative ways to utilise email.  DMARC helps senders and receivers of email work together to better secure email and reduce spoofing.

Tools for Testing DMARC

It is important to implement DMARC correctly. The MxToolbox website has the free tools you need to test your DMARC setup and compare it to best practices. MxToolbox’s DMARC lookup checks your DNS DMARC record for availability and compatibility with RFCs, which is especially useful when you set up your initial DMARC record. MxToolbox also has a free DMARC reporting tool which allows you to analyse email recipient responses.

We can help

Int Tec Solutions are able to assist you to authenticate your email using DMARC and DKIM records for your company.  Contact us today to avoid setup issues with DMARC, DKIM and SPF and protect the reputation of your email domain and all your sending and receiving email servers.