DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email protocol that, when made public for a domain, governs what occurs when an authentication test fails and the recipient server cannot confirm that the sender of the message is who they claim to be.
Now that I have your attention! You know exactly what I am talking about. Somehow your spam filtering also filters out your important emails and they end up in spam or junk. There is a reason this happens and a way around it. Now stay focused because the information will be technical.
Receiving organizations evaluate communications claiming to be from the sender’s domain using those authentication tests (SPF & DKIM) to ascertain whether the message was actually delivered by the domain named in the message or not.
What should happen to messages that fail authentication checks?
This is mainly handled by DMARC (SPF & DKIM).
Do they need to be quarantined?
Rejected? Or should we allow the communication to go through even though it couldn’t authenticate itself? DMARC serves as a gatekeeper for inboxes and, when configured correctly, can stop malware and phishing assaults from reaching the inbox.
A DMARC record?
DMARC publishes instructions on how to handle emails from a domain using DNS (e.g., do nothing, quarantine the message, or reject the message). Nearly all email systems can determine how email purportedly coming from your domain should be handled because they employ DNS. Due to the fact that only one DNS change is necessary to set it up (through a DMARC (TXT) record), it is also easy to implement.
How Does DMARC Function?
The authentication tests we previously mentioned, SPF and DKIM, are utilized along with DMARC, and these three elements work incredibly well together to authenticate a message and decide what to do with it.
In essence, a sender’s DMARC record advises a recipient of what to do in the event that they get a suspicious email purporting to be from a specific sender, such as ignore it, quarantine it, or reject it. The process is as follows:
- At their DNS hosting business, the domain owner posts a DMARC DNS Record.
- When an email is sent from the domain (or someone pretending to be the domain), the receiving mail server checks to see if the domain has a DMARC record.
- The mail server then conducts DKIM, SPF, and alignment tests to confirm that the sender is actually the domain that it claims to be.
Has the communication been properly signed with a valid DKIM-Signature?
Does the sender’s IP address match those listed in the SPF record as approved senders?
Do the domain alignment tests on the message headers pass? - The mail server is now prepared to apply the DMARC policy for the sending domain with the DKIM and SPF findings. Basically, this policy states:
If a message fails the DKIM/SPF tests, should I quarantine, reject, or leave it alone? - The receiving mail server (think Gmail) will send a report on the outcome of this message and any additional mail they see from the same domain after deciding what to do with the message. The email address or addresses listed in the domain’s DMARC record will get these reports, which are known as DMARC Aggregate Reports.
PCtronics can be YOUR technology partner to meet the IT needs of your company so you can focus on your day to day routines without worry!
