Skip to main content

Understanding DMARC

p = none

Monitors your email traffic. No further actions are taken.

p = quarantine

Sends unauthorized emails to the spam folder.

p = reject

The final policy and the ultimate goal of implementing DMARC. This policy ensures that unauthorized email doesn’t get delivered at all.

DMARC explained

What is DMARC?

Domain-based Message Authentication Reporting and Conformance (DMARC) is a free and open technical specification that is used to authenticate an email by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners large and small can fight business email compromise, phishing and spoofing. Co-authored by dmarcian’s founder, DMARC was first published in 2012.

With DMARC you can tell the world how to handle the unauthorized use of your email domains by instituting a policy (p=) in your DMARC record.

How does DMARC work?

DMARC is based upon the results of SPF and/or DKIM, so at least one of those has to be in place for the email domain. To deploy DMARC, you need to publish a DMARC record in the DNS.

A DMARC record is a text entry within the DNS record that tells the world your email domain’s policy after checking SPF and DKIM status. DMARC authenticates if either SPF, DKIM, or both pass. This is referred to as DMARC alignment or identifier alignment.

A DMARC record also tells email servers to send XML reports back to the reporting email address listed in the DMARC record. These reports provide insight on how your email is moving through the ecosystem and allow you to identify everything that is using your email domain, including Shadow IT.

Because reports are written in XML, making sense of them can be tricky, and they can be numerous. dmarcian’s DMARC Management Platform can receive these reports and provide visualization on how your email domains are being used, so you can take action and move your DMARC policy towards p=reject.

Why Use DMARC for Email?

Email is involved in more than 90% of all network attacks and without DMARC, it can be hard to tell if an email is real or fake. DMARC allows domain owners to protect their domain(s) from unauthorized use by fighting phishing, spoofing, CEO fraud, and Business Email Compromise.

By always sending DMARC compliant email, the operator of an Internet domain can tell the world “everything I send is easy to identify using DMARC—feel free to drop fake email that pretends to be me.”

DMARC’s utility as an anti-spoofing technology stems from a significant innovation; instead of attempting to filter out malicious email, why not provide operators with a way to easily identify legitimate email? DMARC’s promise is to replace the fundamentally flawed “filter out bad” email security model with a “filter in good” model.

If you’re curious about the health of your domain or anyone’s, use our free Domain Checker for a quick check. It inspects DMARC, SPF and DKIM and tells you which actions you need to take to reach compliance.

Benefits of DMARC

When strong security controls are deployed against fraudulent email, delivery is simplified, brand reliability increases and visibility is granted to domain owners on how their domains are being used around the Internet.

Email Fraud

DMARC’s original use-case. DMARC provides visibility of how a domain is used and prevents unauthorized senders from sending email on behalf of an organization.

Email Reliability

Organizations need email to be reliable. DMARC is the foundation for reliable email delivery, and is often the first step taken to resolve email delivery issues.

Compliance

Industries, governments, and regulations are increasingly requiring DMARC to be in place. It is also becoming a requirement for many cybersecurity insurance providers.

 

If you use email, you’ll benefit by incorporating DMARC.

Learn More About DMARC

We’re very pleased to feature a series of short, technical videos that walk through various aspects of DMARC. These videos draw upon the best of our training courses, are freely available and can be viewed at your leisure.

Get your domains into compliance.
Try out dmarcian for free!