As more employees work remotely, more of an organization's vital infrastructure is exposed to cybercrime, and email is one of the most common ways in.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a free and open technical specification for authenticating email and giving domain owners control over how their domains are used in email.
A DMARC record is a TXT entry in DNS that tells the world what to do with mail claiming to come from your domain. Receivers first evaluate SPF and DKIM; a message passes DMARC if at least one of the two passes and the domain it authenticated aligns with the domain in the visible From: header. A passing SPF or DKIM result for some unrelated domain does not count. The record's policy tells receivers what to do with messages that fail, and it also instructs them to send XML reports to a reporting address. Those reports show how your mail is moving through the ecosystem and who is sending mail using your domain.
Domain owners of all kinds can use DMARC to combat corporate email phishing and spoofing by selecting who can send email on their behalf and denying the rest.
Why use DMARC?
There are two main reasons to consider using DMARC for your sending domains:
1. You can tell your recipients' email admins what to do with email that has failed authentication.
If you send email that might be spoofed, you can tell recipients that messages failing the aligned SPF/DKIM checks should be quarantined or rejected. This matters if you want recipients to be able to trust that a message from one of your sending domains actually came from you, and it protects your domains and brand against impersonation. Note the limit: the policy is only enforced by receivers that check DMARC, so it does not guarantee that every spoofed message is stopped.
2. You can get feedback and reporting on your authentication from the recipients you send to.
There are two types of reports generated by DMARC. Aggregate (rua) reports are XML summaries that receivers send, typically once a day, listing each source IP that sent mail using your domain, how many messages it sent, the SPF and DKIM results, and the disposition (none, quarantine, or reject) the receiver applied. They contain no message content or headers, only counts.
Forensic (ruf) reports, requested with the ruf tag and delivered much like email server Feedback Loop (FBL) abuse reports, are redacted copies of individual messages that failed SPF, DKIM, or both. Many large receivers do not send them for privacy reasons, but where available they are useful for identifying problems that arise during the implementation of DMARC.
There are also tools available from companies like Dmarcian, EmailAuth, ValiMail, ReturnPath, 250ok, and others that can help you analyze your DMARC reports.
What does a DMARC record look like?
DMARC records resemble SPF records in design: both are DNS TXT records made up of tags, each with a name and a value. A DMARC record is always published at the _dmarc subdomain, which makes it simple to check whether a sending domain already has one; the record for the fictitious domain.tld lives at _dmarc.domain.tld. The record must begin with the v=DMARC1 tag and must contain a p= (policy) tag; the rua= tag names the address that aggregate reports are sent to, and adkim= and aspf= choose strict or relaxed alignment for DKIM and SPF.
What are the steps for implementing DMARC?
1. Deploy SPF.
2. Deploy DKIM.
3. Test that every mail stream you send, including third-party services that send on your behalf, aligns the SPF or DKIM domain with the From: domain.
4. Publish a DMARC record with the policy set to none (p=none), which enforces nothing but requests data reports.
5. Observe and analyze the reports you receive, and fix the email configuration of any legitimate sender that is failing.
6. Move the policy from none to quarantine to reject as you gain more data and are confident that every email you send is correctly authenticated. The pct= tag lets you apply the stricter policy to a sample of messages first.
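To make the record format and the alignment rule in the previous sections concrete, here is an added example that is not part of the original article: it parses a DMARC TXT record into its tags (rejecting records a receiver would ignore), and then applies DMARC to a few constructed messages the way a receiver does at the end of the rollout above, under p=reject. The domain names, selector and SPF/DKIM results are invented, and organizational_domain() is a deliberate simplification of the Public Suffix List lookup real receivers perform.

```python
"""Parse a DMARC TXT record and evaluate identifier alignment.

Added example. All domains and results below are constructed, and
organizational_domain() is an assumption that stands in for the Public
Suffix List lookup used by real receivers.
"""

VALID_POLICIES = ("none", "quarantine", "reject")
# RFC 7489 defaults for tags that may be omitted.
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100", "fo": "0", "rf": "afrf", "ri": "86400"}


def dmarc_record_name(domain: str) -> str:
    """DMARC records are published at the _dmarc subdomain of the sending domain."""
    return "_dmarc." + domain.rstrip(".").lower()


def parse_dmarc_record(txt: str) -> dict:
    """Turn 'v=DMARC1; p=reject; rua=mailto:...' into a tag -> value dict.

    Raises ValueError for records a receiver would ignore: the first tag must
    be v=DMARC1 and a p= tag with a valid policy is required. Omitted tags get
    their RFC defaults; sp= (subdomain policy) defaults to p=.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    first = next(iter(tags), None)
    if first != "v" or tags["v"].upper() != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("p= tag missing or not one of none/quarantine/reject")
    for tag, default in DEFAULTS.items():
        tags.setdefault(tag, default)
    tags.setdefault("sp", tags["p"])
    if tags["adkim"] not in ("r", "s") or tags["aspf"] not in ("r", "s"):
        raise ValueError("adkim/aspf must be r (relaxed) or s (strict)")
    return tags


def is_usable_record(txt: str) -> bool:
    """True if a receiver would act on this record at all."""
    try:
        parse_dmarc_record(txt)
        return True
    except ValueError:
        return False


def organizational_domain(domain: str) -> str:
    """Relaxed alignment compares organizational domains. Real receivers use
    the Public Suffix List; this example assumes the last two labels, which
    is wrong for suffixes such as co.uk (assumption, kept simple)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Strict (s): exact match. Relaxed (r): same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate(record: dict, from_domain: str, spf_domain, spf_result,
             dkim_domain, dkim_result) -> dict:
    """Apply DMARC to one message.

    DMARC passes when SPF or DKIM both passed AND its domain aligns with the
    RFC5322.From domain; a passing but unaligned result does not count. On
    failure the disposition is the published p= policy (pct= sampling and
    the subdomain sp= policy are not modelled here).
    """
    spf_aligned = spf_result == "pass" and aligned(spf_domain, from_domain, record["aspf"])
    dkim_aligned = dkim_result == "pass" and aligned(dkim_domain, from_domain, record["adkim"])
    passed = spf_aligned or dkim_aligned
    return {
        "dmarc": "pass" if passed else "fail",
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "disposition": "none" if passed else record["p"],
    }


if __name__ == "__main__":
    # Constructed record for example.com at the end of the rollout (p=reject).
    rec = parse_dmarc_record("v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-rua@example.com")
    print(dmarc_record_name("example.com"), rec)
    # Legitimate mail: SPF passes for a subdomain (relaxed -> aligned), DKIM d=example.com.
    print(evaluate(rec, "example.com", "mail.example.com", "pass", "example.com", "pass"))
    # Third-party bulk sender authenticating only its own domain: fails, rejected.
    print(evaluate(rec, "example.com", "bulk-mailer.example", "pass", "bulk-mailer.example", "pass"))
    # Spoof: no DKIM, SPF passes only for the attacker's envelope domain: rejected.
    print(evaluate(rec, "example.com", "attacker.example", "pass", None, "none"))
```

The second message is the case that most often surprises a first DMARC rollout: the vendor's mail passes SPF and DKIM, but for the vendor's domain, so nothing aligns and the message is rejected once p=reject is published. That is exactly what step 3 and the p=none observation period are meant to surface before enforcement.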