What is a DMARC Record and How Does it Work?
- by linda Y
- in Domains
- View 1833
What is a DMARC Record and how does it work?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email-authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities.
DMARC allows senders to instruct email providers on how to handle unauthenticated mail via a DMARC policy, removing any guesswork on how they should handle messages that fail DMARC authentication.
Senders can monitor all mail to understand their brand’s email authentication ecosystem and ensure legitimate mail are authenticating properly without any interference with the delivery of messages that fail DMARC
Quarantine messages that fail DMARC (e.g., move to the spam folder)
Reject messages that fail DMARC (e.g., don’t deliver the mail at all)
Why is DMARC important?
Email is easy to spoof. Criminals love it because it’s easy to exploit and easy to get us to click on phishing emails when they appear to come from senders we trust, especially from well-known brands. Simply inserting the logo of a well-known brand into an email makes it appear more legitimate, exponentially increasing the likelihood that someone will click on something they shouldn’t.
Since it’s getting harder and harder to tell a legitimate message from a forged or malicious one, and because we can’t always trust our email provider to catch and filter these messages before they reach our inbox, we have technologies like DMARC that can help.
What’s required for DMARC to work?
There are 3 components to DMARC that make it work, all TXT records we need to set up in the specific domain’s DNS:
A DKIM (Domain Keys Identified Mail) record: this record provides an encryption key and digital signature that verifies that an email message was not faked or altered.
A SPF (Sender Policy Framework) record: this DNS record allows senders to define which IP addresses are allowed to send mail for a particular domain.
A DMARC record: this DNS record unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like the email from that domain to be handled if it fails an authorization test
DMARC helps prevent criminals from spoofing the “header from” or “reply-to” address using the following process:
First, it checks that the DKIM (or “digital signature”) is a match.
Then it checks the SPF record to ensure the message came from an authorized server.
If both DKIM and SPF pass these checks, DMARC delivers the message to the intended recipient, but if one or more of these tests fail, DMARC behaves according to a policy we set, which includes ‘none’, ‘quarantine’, or ‘reject’.
The Benefits of Using DMARC
Therefore the result of using DMARC is three fold:
Aggregated reports give you an overview of the usage of your email domain across the internet.
The use of reject or quarantine mode reduces the effectiveness of spoofing and will drive malicious senders away.
A reduced number of spoofed emails coming from your domain will increase the overall confidence in your email domain amongst recipient service thus increasing your successful deliverability rate.