DMARC stands for Domain-based Message Authentication, Reporting & Conformance, and is a protocol that uses Sender Policy Framework, (SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message.
DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of peoples’ inboxes.
DMARC is a proposed standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure so that all their mail can be authenticated. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages – spoofed spam, phishing – be put directly in the spam folder or rejected outright.
Your DMARC record is published alongside your DNS records and includes including:
- SPF
- A-record
- CNAME
- (DKIM)
It is important to note that not all receiving servers will perform a DMARC check before accepting a message, but all the major ISPs do and implementation is growing but by default ReliMail enforces DMARC for an added layer of accuracy and deliverability.
Why is DMARC important?
With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.
Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.
DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.
What are the benefits of DMARC?
We have implemented DMARC for the following reasons:
- ReputationPublishing a DMARC record protects your Corporate Identity by preventing unauthenticated parties from sending mail from your domain. This helps with “good” reputation management principles for sending email and will give your domain a bump in status.
- VisibilityDMARC reports increase visibility into your emails by letting you know who is sending email from your domain.
- SecurityDMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem as a whole become more secure and more trustworthy.
DMARC Addresses the Following Illegitimate Email Types:
DMARC is designed to protect against direct domain spoofing. When an email is sent by an unauthorized sender (whether it is sent by a malicious actor, or even an unauthorized or non-participating department of the company that owns/operates the domain), DMARC can be used to detect the unauthorized activity and (if so configured) request that those messages be blocked or discarded when they are received.
To read more about DMARC please visit the official DMARC website.