What is DMARC?

DMARC is a type of email authentication protocol that leverages the widely used SPF and DKIM protocols to improve a sender’s understanding of how their email in circulation is processed.  Email claiming to be from their domain is analyzed by receiving organizations and a digest of acceptance/failures is sent back to the sender.  DMARC is used to reduce spam and fraudulent email by giving senders information on what recipients see.  DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

How is DMARC setup?

DMARC uses DNS to publish information on how an email from a domain should be handled.  Because it uses DNS, anyone can publicly access your DMARC record to see how to process email that is reportedly from your domain.  This also makes it simple to deploy, only requiring a DMARC (TXT) record.

dmarc-googlerecord

An example DMARC record from Google.com.

How is it used?

DMARC is used in conjunction with SPF and DKIM.  Essentially a sender’s DMARC record tells a recipient what to do with suspicious email purporting to come from a sender.  Does it have a proper DKIM signature (and should it)?  Does it match authorized senders in the SPF record?  Should I pass it on, quarantine it or send it back?  Finally, is there an email address I can forward information about suspicious emails so that the sender is aware of the problem?  DMARC records contain all of these policy decisions.

Why do I need DMARC?

DMARC helps in the fight against malicious email practices that put your business in danger.  Whether you are doing e-commerce or offline sales, your business uses email as a primary means of communication with employees, customers and suppliers.  Unsecured email is easy to spoof and increasingly sophisticated criminals are finding lucrative ways to utilize email.  DMARC helps senders and receivers of email work together to better secure email and reduce spoofing.

MxToolbox Tools for DMARC

MxToolbox has the free tools you need to test your DMARC setup and compare it to best practices.  MxToolbox’s DMARC lookup checks your DNS DMARC record for availability and compatibility with RFCs, which is especially useful when you setup your initial DMARC record.

dmarc-googleresults

A simple DMARC record for Google.com. This one instructs recipients to reject email that comes from Google.com that doesn’t pass DKIM and SPF and where to send the feedback about rejected emails.

dmarc-outlookrecord

A more complex DMARC record used by Outlook.com

Once your record is setup, it is a good idea to monitor your DMARC record to make sure it is publicly accessible.  MxToolbox Monitoring Solutions provide a first-line defense against missing or lost DNS records, like your DMARC record.

What’s coming?

MxToolbox is dedicated to making it easier for you to get your message through to your customers, by providing free tools and paid services like monitoring.  We have introduced a free DMARC reporting tool that takes your recipients DMARC responses and allows you to analyze them.

Coming SOON! We will have an advanced service that goes into more depth on DMARC reporting including your email delivery statistics, setup issues with DKIM and SPF and the reputation of all your sending and receiving servers.

2 thoughts on “What is DMARC?

  1. Pingback: Announcing MxDelivery Center | MxToolbox Blog

  2. Pingback: Why Blacklisting isn’t really the problem.. | MxToolbox Blog

Comments are closed.