What is DMARC?
Domain-based Message Authentication, Reporting & Conformance (DMARC) is an open email authentication protocol that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks.
DMARC, the sole widely adopted technology, enhances the trustworthiness of the “from” domain in email headers by leveraging existing standards.
The domain owner can establish a DMARC record in the DNS servers, specifying actions for unauthenticated emails.
To understand DMARC it is also important to know a few other mail authentication protocols specifically SPF and DKIM. SPF Organizations can authorize senders within an SPF record published in the Domain Name System (DNS).
The record contains approved sender IP addresses, including those authorized to send emails on behalf of the organization. Publishing and checking SPF records provide a reliable defense against email threats that falsify “from” addresses and domains.
DKIM is an email authentication protocol enabling receivers to verify if an email was genuinely authorized by its owner. It allows an organization to take responsibility for transmitting a message by attaching a digital signature to it. Verification is done through cryptographic authentication using the signer’s public key published in the DNS. The signature ensures that parts of the email have not been modified since the time the digital signature was attached.
How does DMARC Work?
To pass DMARC authentication, a message must successfully undergo SPF and SPF alignment checks or DKIM and DKIM alignment checks. If a message fails DMARC, senders can instruct receivers on what to do with that message via a DMARC policy. There are three DMARC policies the domain owner can enforce: none (the message is delivered to the recipient and the DMARC report is sent to the domain owner), quarantine (the message is moved to a quarantine folder) and reject (the message is not delivered at all).
The DMARC policy of “none” is a good first step. This way, the domain owner can ensure that all legitimate email is authenticating properly. The domain owner receives DMARC reports to help them make sure that all legitimate email is identified and passes authentication. Once the domain owner is confident they have identified all legitimate senders and have fixed authentication issues, they can move to a policy of “reject” and block phishing, business email compromise, and other email fraud attacks. As an email receiver, an organization can ensure that its secure email gateway enforces the DMARC policy implemented to the domain owner.
What is DMARC in Marketing Cloud?
DMARC can be used by email service providers and domain owners to set policies that limit the usage of their domain. One such policy is restricting the domain’s usage in “from” addresses, which effectively prohibits anyone from using the domain in the “from” field except when using the provider’s webmail interface. any email service provider or domain owner can publish this type of restrictive DMARC policy can be published by Having a powerful CLOUD SERVICES is very important as will protect employees against inbound email threats.
Points to note while authenticating DMARC:
- Due to the volume of DMARC reports that an email sender can receive and the lack of clarity provided within DMARC reports, fully implementing DMARC authentication can be difficult.
- DMARC parsing tools can help organizations make sense of the information included within DMARC reports.
- Additional data and insights beyond what’s included within DMARC reports help organizations to identify email senders faster and more accurately. This helps speed up the process of implementing DMARC authentication and reduces the risk of blocking legitimate email.
- Organizations can create a DMARC record in minutes and start gaining visibility through DMARC reports by enforcing a DMARC policy of “none.”
- By properly identifying all legitimate email senders – including third-party email service providers—and fixing any authentication issues, organizations should reach a high confidence level before enforcing a DMARC policy of “reject”.