What is Dmarc

DMARC SPF DKIM

What is Dmarc
DMARC

30 July, 2020

What is DMARC and why is it important?

DMARC which is stands for “Domain-based Message Authentication, Reporting & Conformance” is an email authentication policy and reporting protocol. DMARC allows a recipient to confirm that an email is truly coming from the sender and is not a piece of spam or a phishing attack.

DMARC combines the power of two other email authentication methods: SPF and DKIM. It ensures that the email receiver blocks any kind of fraudulent email messages that may be coming from a specific domain. Through support from ISPs (Gmail, Yahoo, Microsoft, and more) DMARC also allows you to receive reports on sending activity for your domain.

 

 

How Does DMARC Work?

 

 

DMARC ensures that legitimate email is properly authenticated against established DKIM and SPF standards.

Senders can either:

  • Monitor all mail to understand their brand’s email ecosystem without impacting the delivery of messages that fail DMARC.
  • Quarantine messages that fail DMARC and redirect them to a spam folder.
  • Reject messages that fail DMARC and divert them entirely from an inbox.

 

DMARC’s alignment feature prevents spoofing of the “header from” address by:

  • Matching the “header from” domain name with the “envelope from” domain name used during an SPF check
  • Matching the “header from” domain name with the “d=domain name” in the DKIM signature.

 

To pass DMARC a message must pass SPF authentication and SPF alignment and DKIM authentication and DKIM alignment. A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.

 

Why DMARC is important?

The main work of DMARC is to detect and prevent email spoofing and phishing. Phishing scams that are designed to look like they are coming from your bank prompting you to click on a link to reset your password or to give them your information.

DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.

Request Your Complimentary Domain Analysis