DMARC | Effective protection against email spoofing
DMARC is an additional security feature for email communication. But what does DMARC do and does it offer advantages for brand protection? Who can use it?
Published by
Simone Catania
Date
What does DMARC mean and what does it do?
DMARC stands for “Domain-based Message Authentication, Reporting and Conformance”. It was jointly designed by Microsoft, Google, PayPal and Yahoo.
An SPF record determines which IP address an email from a domain may be sent from and DKIM ensures that the email is unchanged. DMARC is used to regulate how emails are handled that do not fulfill either of these requirements (SPF or DKIM). Companies can define their own specifications with DMARC – something that could previously only be defined by the provider (SPF/DKIM). This ensures an established verification of emails and their authenticity. The only prerequisite is that the receiving mailbox provider has implemented and performs this verification.
The IETF has already submitted DMARC for standardization. The relevant RCF can be read in RCF 7489.
Does using DMARC hold any advantages for companies?
With DMARC, companies can complete the authorization chain for email delivery and monitor irregularities. Over and above this, there are a number of further advantages that this scalable mechanism for emails offers:
Advantages of DMARC
- Security
An optional reporting feature allows the visualization of domain abuse cases for the first time, greatly assisting the monitoring of company reputation and delivery trends.- Transparency and control
DMARC creates transparency and enables control over all email channels.- Increased deliverability
With DMARC, transmission is improved by verifying the email and sender. In addition, the command sequence on delivery is optimized with further instructions.- Brand protection
DMARC prevents email phishing attacks and protects the company brand against such abuse.
With the implementation of DMARC, companies can benefit from four key advantages, as explained by DigiCert.
Who can use DMARC?
In principle, the use of DMARC is available to all domain owners, on the condition that the responsible ISP supports DMARC. The administrator of the receiving mailbox must also support DMARC. An SPF and DKIM record are respectively required in order to create a DMARC record.
How is DMARC implemented?
The implementation of DMARC mainly takes place via a TXT record in the domain zone. Let’s take a step-by-step look at the process.
- Decide whether DMARC should be used for the email traffic going over the main domain or over one of its subdomains. To protect your brand optimally, we recommend using the primary domain.
- Make sure that the essential “DMARC Identifier Alignments” or “Domain Alignments” (SPF and DKIM) have already been implemented in the target domain. If necessary, set these up first. With regard to SPF and DKIM records, take into account any additional email channels, such as email via another email service provider or via your own infrastructure. This is important to avoid DMARC unintentionally blocking these channels.
- Set up an email address to receive the DMARC reports.
- Create the TXT record in the domain zone. An example of this is:
_dmarc TTL IN TXT "v=DMARC1;p=policy;pct=100;rua=mailto:dmarcreports@internetx.com”
More detailed explanations of the respective specifications can be found on the official DMARC page.
Why domain experts use AutoDNS
You can easily create resource records like DMARC for your entire domain portfolio via AutoDNS, the domain platform developed by InterNetX. Related products like TLS/SSL or S/MIME certificates and name servers can also be managed in AutoDNS. Speak to our Partner Managers for more information about our products and solutions.