DMARC Report: For Safe and Secure E-Mail Messages
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a technical specification that authenticates e-mail messages using the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) mechanisms. Messages are authenticated consistently at AOL, Comcast, Gmail, Hotmail, Yahoo! and any other receiver that uses it. The specification lets message senders indicate that their e-mail is protected by SPF or DKIM and tell recipients to junk or block unprotected messages. This takes uncertainty out of e-mail handling, prevents exposure to harmful and malicious messages, and enables recipients to report back to senders about messages that fail evaluation.
For SPF, the message must pass the SPF check, and the domain in the header must align with the domain that SPF validated. For DKIM, the domain of a valid signature must align with the domain in the header (an exact match for strict alignment, or a sub-domain for relaxed alignment). So a message that passes SPF or DKIM can still fail if the domains do not align. DMARC reporting and policy settings published in the public Domain Name System tell e-mail recipients what to do with nonaligned messages. A domain owner who publishes a policy soon receives reports about e-mail from the owner's domain. The sender can therefore trust the process and knows the impact of publishing a policy, and the recipient sends daily aggregate reports of the number of e-mails received and whether they pass SPF, DKIM, and alignment.
With the explosive expansion of e-commerce, predatory spammers and phishers have accessed users' online accounts to steal passwords, bank account details, and credit card data. In e-mail, criminals find an easy way to exploit users' trust in well-known brands. The logo of a famous brand in an e-mail message gives it instant credibility with many users. Unaided users can't distinguish real from phony messages, and large mailbox systems must make difficult determinations about which messages are safe to deliver and which should be blocked. Senders are mostly unaware of authentication problems because they have no practical way to request feedback. DMARC provides coordinated, tested methods for domain owners to signal that they use message authentication (SPF, DKIM), supply an e-mail address for feedback about messages, genuine or phony, and devise a policy (quarantine, reject, or report) for messages that fail to authenticate.
In sum, DMARC is a proposed standard for e-mail authentication that gives Internet domain owners a way to identify phony messages for rejection. DMARC reports help protect their systems from malware attacks and fake e-mail. Policies published in the public Domain Name System are available to everyone. The specification's creators hope to make it an official Internet standard, available to everyone, to encourage the use of e-mail as a safe and trustworthy communication medium.