5

What is DMARC and How to Use It

May 8, 2023 | Blog, DMARC, Security

While emails have become a critical part of our daily lives, they have also become a major target for cybercriminals who use email spoofing and phishing attacks to steal personal information and spread malware. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to combat these attacks by actively verifying the authenticity of email messages.

In this article, we’ll explore what DMARC is, how it works, and how you can implement DMARC policies to improve the security and deliverability of your email communication.

What is DMARC?

DMARC is an email authentication protocol that works by using two other email authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to verify the authenticity of an email message. SPF checks the IP address of the email sender against a list of authorized IP addresses published in the DNS records of the domain, while DKIM uses a cryptographic signature to verify that the email was not modified in transit and was sent by an authorized sender.

Once the email has been authenticated using SPF and DKIM, DMARC provides a policy for what action should be taken based on the authentication results. The DMARC policy can be set to three different actions: none, quarantine, or reject.

How to Implement DMARC Policies

To implement DMARC policies, you need to publish a DMARC record in your domain’s DNS records. The DMARC record specifies the policy that should be applied to emails that fail authentication, as well as the email address where DMARC reports should be sent.

To publish a DMARC record, you’ll need to create a TXT record in your domain’s DNS records. The TXT record should contain the DMARC policy, which consists of three parts: the policy type, the email address where DMARC reports should be sent, and the percentage of emails that should be subjected to the policy.

For example, the following DMARC policy instructs receiving mail servers to reject any emails that fail authentication and send DMARC reports to dmarc@example.com for 100% of emails:

v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100;

Common DMARC Policy Errors

When implementing DMARC policies, there are several common errors that can cause issues with email delivery. These include:

  • Not publishing a DMARC record at all
  • Setting the policy type to “none” instead of “reject”
  • Not specifying an email address for DMARC reports
  • Setting the percentage of emails subjected to the policy to 0%

To avoid these errors, it’s important to carefully review your DMARC policy before publishing it, and to test it using DMARC reporting tools to ensure that it’s working correctly.

How to Interpret DMARC Reports

DMARC reports provide valuable insights into your email traffic, including which emails are authenticating and which are not. To interpret DMARC reports, you’ll need to use a DMARC reporting tool like MXtoolbox which can parse the DMARC reports and provide you with easy-to-read charts and graphs.

Using DMARC to Improve Email Deliverability

In addition to improving email security, DMARC can also be used to improve email deliverability by ensuring that legitimate emails are not blocked or sent to spam. By implementing DMARC policies correctly and monitoring DMARC reports, you can identify and fix issues that may be causing emails to be marked as spam or blocked by receiving mail servers.

DMARC policy examples

1. DMARC policy set to “none”

"v=DMARC1; p=none; rua=mailto:dmarc_reports@yourdomain.com"

This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “none” means that the receivers should take no action against emails that fail DMARC checks.

2. DMARC policy set to “quarantine”

 

"v=DMARC1; p=quarantine; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “quarantine” means that the receivers should send emails that fail DMARC checks to the spam or junk folder.

3. DMARC policy set to “reject”


"v=DMARC1; p=reject; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “reject” means that the receivers should reject emails that fail DMARC checks and not deliver them to the recipient’s inbox.

It’s important to note that DMARC policies should be implemented gradually, starting with a policy set to “none” to allow for monitoring and adjustment of the policy before moving on to “quarantine” or “reject”. This ensures that legitimate emails are not blocked or sent to spam by mistake. It’s also important to regularly review DMARC reports to identify any issues and make necessary adjustments to the policy.

Need reporting software?

The best thing about DMARC is the reporting. You can get reports whenever unaligned e-mails are identified by e-mail providers which helps you to debug any deliverability issues.

We recommend going with some of the big guys like dmarcian who support automatic, aggregated reports showing you in detail how your e-mails are delivered.

Conclusion

DMARC is an essential tool for anyone who wants to improve the security and deliverability of their email communications. By implementing DMARC policies correctly and monitoring DMARC reports, you can actively protect your domain from email spoofing and phishing attacks, ensuring secure and reliable email communication. Invest in DMARC to safeguard your organization’s reputation and maintain trust with your recipients in the ever-evolving landscape of email security.

Heysender blog

Read our other blog entries to get new inspiration for your transactional emails.

Harnessing the Power of Transactional Emails: Types, Examples and Best Practices

In the ever-evolving landscape of digital communication, transactional emails have emerged as a crucial component in maintaining a seamless and efficient interaction between businesses and their customers. Unlike promotional emails, which aim to market products or...

Boosting Email Visibility: How to Stand Out in the Inbox with BIMI

With inboxes flooded with emails daily, it's crucial for businesses to find innovative ways to capture the attention of their recipients. One effective solution gaining traction is the use of BIMI (also known as Brand Indicators for Message Identification). In this...

New Steps in our Data Security Efforts: Heysender Completes ISAE 3000 Revision

Heysender Gets ISAE 3000 Report The ISAE 3000 report investigates how employees in the organization treats and stores your data, and how GDPR processes are communicated and followed in the daily work.  The revision and report are carried out by an external accountant....

Navigating Web Hosting: Dedicated IP vs. Shared IP

When it comes to web hosting and managing online presence, understanding the nuances of IP (Internet Protocol) addresses is paramount. In the world of web hosting, IP addresses are categorized into two main types: Dedicated IP and Shared IP. These two types play a...

Decoding Email Tech: SMTP vs. API

In modern communication, email remains a fundamental tool for personal and professional interactions. Behind the scenes, SMTP (Simple Mail Transfer Protocol) and APIs (Application Programming Interfaces) play critical roles in ensuring the smooth transmission and...

Data Privacy Guardian: Ensuring Trust in E-commerce Transactions

The extensive digital footprint we create daily is a goldmine of information that holds immense value, not just for individuals but also for businesses engaging in customer relationships. One pivotal aspect of data privacy lies within transactional emails, as they...

Mastering Email Spam-Proofing

In today's era of digital connectivity, email communication has become an indispensable component of both our personal and professional lives. However, there's nothing more frustrating than crafting a well-thought-out email only to find it buried in the recipient's...

Unraveling the Mysteries of Email Bounces: Hard Bounce vs. Soft Bounce

We’ve all experienced that sinking feeling when an email we carefully crafted fails to reach its intended recipient. Despite meticulous configurations, email bounces can still occur due to a myriad of reasons, some within our control and others beyond it. In this...

Demystifying DKIM Records

Enhancing Email Security and Trust In the realm of email security, protecting against phishing attacks and ensuring message integrity is crucial. DomainKeys Identified Mail (DKIM) offers a powerful solution by enabling domain owners to digitally sign their outgoing...

Understanding SPF Records

A Guide to Secure Email Delivery In today’s digital world, email has become an essential means of communication for individuals and businesses alike. However, the prevalence of email-based attacks such as spam, phishing, and spoofing has raised concerns about email...