DMARC

Joran Hofman
April 4, 2021

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol. It gives email domain owners a way to protect their domain from unauthorized use, such as spoofing of the From address.

In particular, it lets a domain owner specify how receiving servers should handle mail that fails SPF or DKIM authentication.

How does DMARC work?

DMARC builds on the DKIM and SPF email authentication standards and relies on the Domain Name System (DNS) to publish its policy. In general, the verification process works as follows:

  1. A domain administrator defines and publishes the policy that describes the domain's email authentication practices and how receiving servers must handle mail that violates that policy. This DMARC policy is published as part of the domain's DNS records.
  2. When an incoming mail server receives a message, it uses DNS to look up the DMARC policy for the domain in the message's "From" header. The incoming server then validates the message, looking for three key factors:
  • Does the DKIM signature on the received message verify?
  • Does the message originate from an IP address authorized by the SPF record of the sending domain?
  • Do the message headers show proper "domain alignment" (the SPF or DKIM domain matches the "From" domain)?
  3. With this information, the server applies the sending domain's DMARC policy to decide whether to accept, quarantine (flag) or reject the message.
  4. After using the DMARC policy to decide the disposition of the message, the receiving mail server reports the result back to the owner of the sending domain.
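The four steps above, as an added example that is not part of the original glossary page: a small Python model of the check an inbound server performs. The DNS lookup is replaced by a constructed dictionary (FAKE_DNS), the SPF and DKIM results are passed in as booleans rather than computed, and organizational_domain is a toy "last two labels" rule instead of the Public Suffix List real receivers use. Everything else (tag parsing, relaxed and strict alignment, the sp= fallback for subdomains, and the p= disposition) follows the protocol as described.

```python
"""Added example (not from the original page): minimal model of the DMARC
check a receiving mail server performs.  All inputs are constructed."""

# Constructed stand-in for the DNS TXT lookup at _dmarc.<domain>.
FAKE_DNS = {
    "_dmarc.example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                           "pct=100; rua=mailto:dmarc-reports@example.com"),
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:postmaster@example.org",
}


def parse_dmarc_record(txt):
    """Parse 'tag=value; tag=value' into a dict; reject anything not v=DMARC1."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def organizational_domain(domain):
    """Toy rule (assumption): the last two labels. Real receivers use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' (strict) needs an exact match,
    'r' (relaxed) only needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def lookup_policy(from_domain, dns=FAKE_DNS):
    """Step 2: find the record for the From domain; if a subdomain has none,
    fall back to the organizational domain and honour its sp= tag."""
    txt = dns.get(f"_dmarc.{from_domain.lower()}")
    if txt is not None:
        tags = parse_dmarc_record(txt)
        return tags, tags.get("p", "none")
    txt = dns.get(f"_dmarc.{organizational_domain(from_domain)}")
    if txt is None:
        return None, "none"
    tags = parse_dmarc_record(txt)
    return tags, tags.get("sp", tags.get("p", "none"))


def evaluate(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain, dns=FAKE_DNS):
    """Steps 2-3: combine SPF/DKIM results with alignment and return
    (dmarc_result, disposition).  DMARC passes if either mechanism
    passed AND its domain aligns with the From domain."""
    tags, policy = lookup_policy(from_domain, dns)
    if tags is None:
        return "no-policy", "none"   # no record: receiver applies its own rules
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy


if __name__ == "__main__":
    # Aligned SPF pass (relaxed) is enough even though DKIM failed.
    print(evaluate("example.com", True, "mail.example.com", False, ""))
    # Unaligned SPF (third-party sender) + strict DKIM mismatch -> reject.
    print(evaluate("example.com", True, "bulk-sender.net", True, "mail.example.com"))
```

Note that a DKIM pass for mail.example.com is not enough under adkim=s: strict alignment is exactly what stops a signature from an unrelated subdomain from vouching for the parent domain.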

Elements of DMARC

DMARC always builds on these two existing email authentication mechanisms:

Sender Policy Framework (SPF) lets the domain owner publish which IP addresses are allowed to send email for the domain. Receiving servers can verify that messages that appear to come from a certain domain were sent from servers the domain owner has authorized.

DomainKeys Identified Mail (DKIM) appends a digital signature to sent messages. Receiving servers use this signature to verify that a message is genuine and that it has not been altered in transit.

Why is DMARC important?

Spam email and phishing are the most common ways hackers enter a network. It only takes a single user to click or open a file contained in a malicious email to put an entire company at risk with data leaks, cryptojacking scripts, ransomware, or privilege escalation exploits.

DMARC is the first and only widely used technology today that can make the “From” address (what users see in their email clients) reliable. This not only helps preserve the brand and its customers but also discourages cybercriminals, since an attack impersonating a brand that publishes a DMARC record has less chance of success.

Publishing a DMARC record also protects trademarks by preventing unverified third parties from sending mail from a domain. On certain occasions, just publishing a DMARC record can result in a positive reputation boost.

DMARC reports broaden the visibility of email programs by letting you know the identity of who is sending emails from a domain.
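To show what that visibility looks like in practice, here is an added example (not from the original page) that summarises a DMARC aggregate report. The XML is constructed for the example but follows the layout of real rua reports (a feedback element with report_metadata, policy_published and one record per source IP). The second record illustrates the alignment point: SPF passed for a third-party domain, but because it does not align with the From domain the receiver evaluated both SPF and DKIM as failing and quarantined the mail.

```python
"""Added example (not from the original page): summarise a DMARC aggregate
(rua) report and list the sources that failed DMARC.  Constructed input."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report. Real reports arrive as gzipped/zipped XML by mail.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>12345</report_id>
    <date_range><begin>1617494400</begin><end>1617580800</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>15</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>fail</result></dkim>
      <spf><domain>mailer.example.net</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def summarize_report(xml_text):
    """Flatten a rua report into the fields an analyst looks at first.
    Reports come from third parties, so in production parse them with
    defusedxml rather than the stdlib parser used here for self-containment."""
    root = ET.fromstring(xml_text)
    published = {child.tag: child.text for child in root.find("policy_published")}
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": evaluated.findtext("disposition"),
            # These are the *aligned* results the receiver applied the policy to.
            "dkim": evaluated.findtext("dkim"),
            "spf": evaluated.findtext("spf"),
            "header_from": rec.findtext("identifiers/header_from"),
            # Raw authentication domains: useful for spotting unaligned senders.
            "spf_auth_domain": rec.findtext("auth_results/spf/domain"),
            "dkim_auth_domain": rec.findtext("auth_results/dkim/domain"),
        })
    return {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": published.get("domain"),
        "policy": published.get("p"),
        "rows": rows,
    }


def failing_sources(summary):
    """Message counts per source IP where neither aligned SPF nor aligned
    DKIM passed, i.e. mail that DMARC treated as unauthenticated."""
    totals = defaultdict(int)
    for row in summary["rows"]:
        if row["dkim"] != "pass" and row["spf"] != "pass":
            totals[row["source_ip"]] += row["count"]
    return dict(totals)


if __name__ == "__main__":
    summary = summarize_report(SAMPLE_REPORT)
    print(summary["reporter"], summary["domain"], summary["policy"])
    for ip, count in failing_sources(summary).items():
        print(f"{ip}: {count} messages failed DMARC")
```

Each failing source is either an unauthorized sender or a legitimate service that has not been added to SPF or set up to sign with DKIM for the domain; working through that list is how a domain moves from p=none to an enforcing policy without dropping its own mail.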
