DMARC is an email authentication policy and reporting protocol. It builds on both SPF and DKIM, adds a linkage between their results and the From: domain, lets the domain owner publish a policy telling receivers how to handle incoming email that fails authentication, and, very importantly, sends reports back to the sender. The main purpose of DMARC is to protect against direct domain spoofing: if an attacker tries to send an email from an unauthorized source, DMARC will detect it and block it.
About 80 percent of company web domains don’t have standard email authentication protections in place.
dmarc.org, a leadership team driving DMARC adoption, released its report, Global DMARC Adoption 2018, revealing that 79.7% of all domains analyzed have no DMARC policy in place. By implementing DMARC, brands lower the odds of their domains being spoofed and used for phishing attacks on recipients. A domain that implements no form of DMARC policy exposes its recipients to possible phishing attacks and, unsurprisingly, 91% of all cyberattacks begin with a phishing email.
Phishing and spoofing attacks against consumers are likely to occur when companies do not have published Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) policies in place. DMARC is considered the industry standard for email authentication to prevent attacks in which malicious third parties send harmful emails using a counterfeit address.
The Global DMARC Adoption 2019 report analyzed domains across multiple sectors including education, e-commerce, the Fortune 500, US government (Executive, Legislative and Judicial), the China Hot 100, the top 100 law firms, international nonprofits, the SaaS 1000, financial services, and travel. The report looks at whether the organizational or parent domain, excluding any subdomains, implements any level of DMARC policy, from none (good), quarantine (better) or reject (best), or whether it has no policy whatsoever.
DMARC uses policies that the administrator sets, defining the domain's email authentication practices and what the receiving email server should do if an email violates the policy.
When the receiving email server gets a new email, it makes a DNS lookup to fetch the DMARC record of the From: domain. It will look for:
With all of the above taken into consideration, the server applies the DMARC policy to accept, reject or flag the email.
In the end, the receiving server sends a report back to the sending domain.
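The receiver-side procedure described above, as an added example that is not code from the article or from any DMARC implementation: it parses the DMARC TXT record, checks whether the SPF or DKIM result is aligned with the From: domain, and maps a failure onto the published p= (or sp= for subdomains) policy, returning the rua= address the aggregate report should go to. It assumes the record from `_dmarc.<domain>` has already been fetched and that SPF and DKIM have already been evaluated; the two-label organizational-domain approximation is a simplification (real receivers consult the Public Suffix List), and all domains and addresses are constructed sample values.

```python
"""Minimal DMARC policy evaluation for a single message (added illustration)."""
from dataclasses import dataclass
from typing import Dict, Optional


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; {} if it is not a DMARC1 record."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # Receivers ignore a TXT record that does not start with v=DMARC1.
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def organizational_domain(domain: str) -> str:
    """Keep the last two labels (assumption: no multi-label public suffixes)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    if not auth_domain:
        return False
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


@dataclass
class AuthResults:
    spf_pass: bool
    spf_domain: Optional[str]   # domain SPF was checked against (MAIL FROM)
    dkim_pass: bool
    dkim_domain: Optional[str]  # d= of the verified DKIM signature


def evaluate_dmarc(from_domain: str, record_domain: str, record_txt: str,
                   auth: AuthResults) -> Dict[str, Optional[str]]:
    """Return the DMARC result, the receiver's disposition and where to report."""
    tags = parse_dmarc_record(record_txt)
    if not tags:
        return {"dmarc": "none", "disposition": "accept", "report_to": None}

    spf_ok = auth.spf_pass and is_aligned(from_domain, auth.spf_domain, tags.get("aspf", "r"))
    dkim_ok = auth.dkim_pass and is_aligned(from_domain, auth.dkim_domain, tags.get("adkim", "r"))
    report_to = tags.get("rua")

    # DMARC passes when at least one aligned identifier authenticates.
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "accept", "report_to": report_to}

    # Failure: apply p=, or sp= when the From: domain is a subdomain of the record's domain.
    policy = tags.get("p", "none")
    if from_domain.lower() != record_domain.lower() and "sp" in tags:
        policy = tags["sp"]
    disposition = {"none": "accept", "quarantine": "quarantine", "reject": "reject"}.get(policy, "accept")
    return {"dmarc": "fail", "disposition": disposition, "report_to": report_to}


if __name__ == "__main__":
    # Constructed sample: the bounce domain differs from From: but shares its org domain.
    record = "v=DMARC1; p=reject; sp=quarantine; adkim=s; rua=mailto:dmarc-rua@example.com"
    auth = AuthResults(spf_pass=True, spf_domain="bounce.example.com",
                       dkim_pass=True, dkim_domain="mail.example.com")
    print(evaluate_dmarc("example.com", "example.com", record, auth))
```

In the sample run the message passes on relaxed SPF alignment even though strict DKIM alignment (adkim=s) fails; drop the SPF pass and the same record yields a reject disposition, which is exactly the policy a domain owner should monitor with p=none reports before tightening to quarantine or reject.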
Benefits for the sender of the email