What is DMARC and How to Use It

While emails have become a critical part of our daily lives, they have also become a major target for cybercriminals who use email spoofing and phishing attacks to steal personal information and spread malware. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to combat these attacks by actively verifying the authenticity of email messages.

In this article, we’ll explore what DMARC is, how it works, and how you can implement DMARC policies to improve the security and deliverability of your email communication.

What is DMARC?

DMARC is an email authentication protocol that works by using two other email authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to verify the authenticity of an email message. SPF checks the IP address of the email sender against a list of authorized IP addresses published in the DNS records of the domain, while DKIM uses a cryptographic signature to verify that the email was not modified in transit and was sent by an authorized sender.

Once the email has been authenticated using SPF and DKIM, DMARC provides a policy for what action should be taken based on the authentication results. The DMARC policy can be set to three different actions: none, quarantine, or reject.

How to Implement DMARC Policies

To implement DMARC policies, you need to publish a DMARC record in your domain’s DNS records. The DMARC record specifies the policy that should be applied to emails that fail authentication, as well as the email address where DMARC reports should be sent.

To publish a DMARC record, you’ll need to create a TXT record in your domain’s DNS records. The TXT record should contain the DMARC policy, which consists of three parts: the policy type, the email address where DMARC reports should be sent, and the percentage of emails that should be subjected to the policy.

For example, the following DMARC policy instructs receiving mail servers to reject any emails that fail authentication and send DMARC reports to dmarc@example.com for 100% of emails:

Common DMARC Policy Errors

When implementing DMARC policies, there are several common errors that can cause issues with email delivery. These include:

• Not publishing a DMARC record at all
• Setting the policy type to “none” instead of “reject”
• Not specifying an email address for DMARC reports
• Setting the percentage of emails subjected to the policy to 0%

To avoid these errors, it’s important to carefully review your DMARC policy before publishing it, and to test it using DMARC reporting tools to ensure that it’s working correctly.

How to Interpret DMARC Reports

DMARC reports provide valuable insights into your email traffic, including which emails are authenticating and which are not. To interpret DMARC reports, you’ll need to use a DMARC reporting tool like MXtoolbox which can parse the DMARC reports and provide you with easy-to-read charts and graphs.

Using DMARC to Improve Email Deliverability

In addition to improving email security, DMARC can also be used to improve email deliverability by ensuring that legitimate emails are not blocked or sent to spam. By implementing DMARC policies correctly and monitoring DMARC reports, you can identify and fix issues that may be causing emails to be marked as spam or blocked by receiving mail servers.

DMARC policy examples

1. DMARC policy set to “none”

This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “none” means that the receivers should take no action against emails that fail DMARC checks.

2. DMARC policy set to “quarantine”

This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “quarantine” means that the receivers should send emails that fail DMARC checks to the spam or junk folder.

3. DMARC policy set to “reject”

This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “reject” means that the receivers should reject emails that fail DMARC checks and not deliver them to the recipient’s inbox.

It’s important to note that DMARC policies should be implemented gradually, starting with a policy set to “none” to allow for monitoring and adjustment of the policy before moving on to “quarantine” or “reject”. This ensures that legitimate emails are not blocked or sent to spam by mistake. It’s also important to regularly review DMARC reports to identify any issues and make necessary adjustments to the policy.

Need reporting software?

The best thing about DMARC is the reporting. You can get reports whenever unaligned e-mails are identified by e-mail providers which helps you to debug any deliverability issues.

We recommend going with some of the big guys like dmarcian who support automatic, aggregated reports showing you in detail how your e-mails are delivered.

Conclusion

DMARC is an essential tool for anyone who wants to improve the security and deliverability of their email communications. By implementing DMARC policies correctly and monitoring DMARC reports, you can actively protect your domain from email spoofing and phishing attacks, ensuring secure and reliable email communication. Invest in DMARC to safeguard your organization’s reputation and maintain trust with your recipients in the ever-evolving landscape of email security.