Directory Image
This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.

Control Your Email Domains with DMARC

Author: Dustin L. Held
by Dustin L. Held
Posted: Jul 24, 2021

As more employees work remotely, the more an organization’s vital infrastructure is at risk for cybercrime.

What is DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a free and open technical specification for authenticating email and providing domain users control over how their email domains are used.

After confirming SPF and DKIM status, a DMARC record is a text entry within the DNS record that notifies the world of your email domain's policy. If either SPF, DKIM, or both pass, DMARC authenticates the email and advises the rest of the world on what to do with the emails that don't. Email servers are also instructed to send XML reports to a reporting email address. These statistics show you how your email is moving through the ecosystem and want you to see who is using your domain.

Domain owners of all kinds can use DMARC to combat corporate email phishing and spoofing by selecting who can send an email on their behalf and denying the rest.

Domain owners of all kinds can use DMARC to combat corporate email phishing and spoofing by selecting who can send an email on their behalf and denying the rest.

Why use DMARC?

There are two main reasons to consider using DMARC for your sending domains:

1. You can tell your recipient’s email admins what to do with email that has failed authentication.

If you send email messages that you believe might be faked, you can notify recipients that if the SPF/DKIM checks fail, they should reject or quarantine the message. This is important if you want your recipients to be 100% certain that an email from one of your sending domains actually came from you. This will guarantee that your domains and brand always are trusted.

2. You can get feedback and reporting on your authentication from the recipients you send to.

There are two types of reports generated by DMARC. Aggregate reports provide you the email message header data as well as the reported information, such as the message disposition, which shows what the receiver did with the mails.

The abuse reports that run via the email server Feedback Loops (FBL) are similar to forensic reports. They are modified versions of email messages that failed SPF, DKIM, or both. These are useful for identifying any problems that may arise during the implementation of DMARC.

There are also tools available from companies like Dmarcian, EmailAuth, ValiMail, ReturnPath, 250ok, and others that may assist you to analyze your DMARC reports.

What does a DMARC record look like?

DMARC records resemble SPF records in design. They're a type of DNS TXT record that has tags with a name and a value. They will always have the _dmarc subdomain, making it simple to see if a sending domain already has DMARC. The DMARC record for the fictitious domain.tld would be _dmarc.domain.tld.

If you've previously implemented DMARC and have a DMARC record for your sending domain(s) with a quarantine or reject policy, but haven't yet configured ClickDimensions to accept it (it'll be a name/value pair that looks like p=quarantine or p=reject; ), please file a support ticket. We can confirm that you have everything in place and, if you don't, we can start the process of establishing a supporting configuration for you.

What are the steps for implementing DMARC?

  1. Deploy SPF.
  2. Deploy DKIM.
  3. Test to be sure that all your sent email messages are correctly aligning the appropriate identifiers.
  4. Publish a DMARC record with the "none" flag set for the policies, which requests data reports.
  5. Observe and analyze the data you receive and modify email configuration if needed.
  6. Modify your DMARC policy flags from "none" to "quarantine" to "reject" as you gain more data and are confident that every email you send out is being correctly authenticated.
About the Author

EmailAuth Suite is one of the world's best platform for Email Authentication and has been serving customers since the introduction of DMARC in 2012.

Rate this Article
Leave a Comment
Author Thumbnail
I Agree:
Comment 
Pictures
Author: Dustin L. Held

Dustin L. Held

Member since: Mar 09, 2021
Published articles: 13

Related Articles