5

What is DMARC and How to Use It

May 8, 2023 | Blog, DMARC, Security

While emails have become a critical part of our daily lives, they have also become a major target for cybercriminals who use email spoofing and phishing attacks to steal personal information and spread malware. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to combat these attacks by actively verifying the authenticity of email messages.

In this article, we’ll explore what DMARC is, how it works, and how you can implement DMARC policies to improve the security and deliverability of your email communication.

What is DMARC?

DMARC is an email authentication protocol that works by using two other email authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to verify the authenticity of an email message. SPF checks the IP address of the email sender against a list of authorized IP addresses published in the DNS records of the domain, while DKIM uses a cryptographic signature to verify that the email was not modified in transit and was sent by an authorized sender.

Once the email has been authenticated using SPF and DKIM, DMARC provides a policy for what action should be taken based on the authentication results. The DMARC policy can be set to three different actions: none, quarantine, or reject.

How to Implement DMARC Policies

To implement DMARC policies, you need to publish a DMARC record in your domain’s DNS records. The DMARC record specifies the policy that should be applied to emails that fail authentication, as well as the email address where DMARC reports should be sent.

To publish a DMARC record, you’ll need to create a TXT record in your domain’s DNS records. The TXT record should contain the DMARC policy, which consists of three parts: the policy type, the email address where DMARC reports should be sent, and the percentage of emails that should be subjected to the policy.

For example, the following DMARC policy instructs receiving mail servers to reject any emails that fail authentication and send DMARC reports to dmarc@example.com for 100% of emails:

v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100;

Common DMARC Policy Errors

When implementing DMARC policies, there are several common errors that can cause issues with email delivery. These include:

  • Not publishing a DMARC record at all
  • Setting the policy type to “none” instead of “reject”
  • Not specifying an email address for DMARC reports
  • Setting the percentage of emails subjected to the policy to 0%

To avoid these errors, it’s important to carefully review your DMARC policy before publishing it, and to test it using DMARC reporting tools to ensure that it’s working correctly.

How to Interpret DMARC Reports

DMARC reports provide valuable insights into your email traffic, including which emails are authenticating and which are not. To interpret DMARC reports, you’ll need to use a DMARC reporting tool like MXtoolbox which can parse the DMARC reports and provide you with easy-to-read charts and graphs.

Using DMARC to Improve Email Deliverability

In addition to improving email security, DMARC can also be used to improve email deliverability by ensuring that legitimate emails are not blocked or sent to spam. By implementing DMARC policies correctly and monitoring DMARC reports, you can identify and fix issues that may be causing emails to be marked as spam or blocked by receiving mail servers.

DMARC policy examples

1. DMARC policy set to “none”

"v=DMARC1; p=none; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “none” means that the receivers should take no action against emails that fail DMARC checks.

2. DMARC policy set to “quarantine”

 

"v=DMARC1; p=quarantine; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “quarantine” means that the receivers should send emails that fail DMARC checks to the spam or junk folder.

3. DMARC policy set to “reject”


"v=DMARC1; p=reject; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “reject” means that the receivers should reject emails that fail DMARC checks and not deliver them to the recipient’s inbox.

It’s important to note that DMARC policies should be implemented gradually, starting with a policy set to “none” to allow for monitoring and adjustment of the policy before moving on to “quarantine” or “reject”. This ensures that legitimate emails are not blocked or sent to spam by mistake. It’s also important to regularly review DMARC reports to identify any issues and make necessary adjustments to the policy.

Need reporting software?

The best thing about DMARC is the reporting. You can get reports whenever unaligned e-mails are identified by e-mail providers which helps you to debug any deliverability issues.

We recommend going with some of the big guys like dmarcian who support automatic, aggregated reports showing you in detail how your e-mails are delivered.

Conclusion

DMARC is an essential tool for anyone who wants to improve the security and deliverability of their email communications. By implementing DMARC policies correctly and monitoring DMARC reports, you can actively protect your domain from email spoofing and phishing attacks, ensuring secure and reliable email communication. Invest in DMARC to safeguard your organization’s reputation and maintain trust with your recipients in the ever-evolving landscape of email security.

Heysender blog

Read our other blog entries to get new inspiration for your transactional emails.

Email Segmentation Strategies: How to Target the Right Audience

Email marketing remains a powerful tool for businesses to connect with their audience. However, not all emails are created equal. To maximize your email marketing efforts, it's crucial to segment your audience and deliver targeted messages. In this blog post, we'll...

How to Maintain a Clean Email List for Improved Deliverability

Email marketing remains a powerful tool for businesses to connect with their audience. However, maintaining a clean and healthy email list is crucial for optimal deliverability and engagement. A clean email list not only ensures that your messages reach the intended...

A Strategical Guide to Combining Email and SMS Marketing

 Successful businesses today rely on effective communication to build and maintain strong customer relationships. While email marketing has long been a staple for reaching audiences, SMS marketing has emerged as a complementary channel with its ability to deliver...

The Power of Email Subdomains

Email subdomains are a powerful tool for organizing and managing your email traffic. By creating separate domains for different departments, teams, or projects, you can improve communication, enhance branding, and streamline your email workflow. In this guide, we'll...

A Guide to Exceptional Customer Service in E-commerce

In today's digital age, e-commerce has revolutionized the way we shop. With just a few clicks, consumers can access a vast array of products and services from the comfort of their own homes. However, while convenience is a major draw, it's equally important to ensure...

Transactional Emails & GDPR: A Compliance Guide

Transactional emails – those essential communications confirming orders, resetting passwords, or detailing purchases – are often overlooked when it comes to data privacy regulations. It's a common misconception that these routine messages fall outside the scope of...

Understanding Email Blacklists and How to Avoid Them

Ever send an important email that seems to vanish without a trace? It might be stuck in the dreaded email blacklist purgatory. But don't worry, you're not alone. Many businesses and individuals fall victim to this silent sender's nightmare. But what exactly is an...

Upgrade Your Email Security with Sender Profile Validation

Ever gotten excited about a discount offer in your email, only to discover it was a cleverly disguised attempt to steal your shopping credentials? Every day, a flood of emails arrives, promising deals, updates, and connections. But just like a bustling marketplace can...

Phishing: A Threat to Your Inbox and Your Domain

Have you ever received an email that looks like it's from your bank, but something just feels off? That might be a malicious attempt on phishing. Phishing emails are a cunning attempt by cybercriminals to trick you into revealing sensitive information, like passwords...

How a Deliverability Audit Can Save Your Email Marketing Efforts

Investing significant time and effort into crafting compelling email marketing campaigns can be rendered ineffective if those messages fail to reach their intended recipients.  Unfortunately, this scenario is not uncommon. Emails can be relegated to spam folders or...