What is DMARC? Geeky Edition!
We also have this information in video format.
DMARC, Domain-based Message Authentication, Reporting & Conformance, is an email security protocol that verifies email senders by building on the DNS services and the SPF, and DKIM protocols (put graphic with acronym defs). It was created to block the threat of email spoofing, domain spoofing, email phishing, business email compromise, and other email-based attacks.
By the way, email delivery folks like Google and Yahoo are starting to require DMARC in order for your email to get delivered. No DMARC? Your email won’t get delivered (so far this is for people sending over 5,000 emails per day). Like it or not, you need to pay attention to this.
DMARC works by first requiring DKIM or SPF to be in place on an email domain for every party that sends email on the behalf of that domain. And there needs to be a DMARC record to be in the DNS. For a message to pass DMARC authentication, it must pass SPF authentication and DKIM authentication. If the message fails either authentication, senders can instruct receivers on what to do via a DMARC policies which are none, quarantine, and reject.
If the message fails DMARC protocol and the DMARC policy is "none," then the email still gets sent through even though it failed. If the policy is "quarantine," the email gets sent to the spam/junk folder. And if the policy is "reject," the email is, you guessed it, not delivered.
Creating a strong DMARC policy is important because it also tells email servers who are receiving your emails summary reports back to a reporting email address to provide insight on how your email moved through the ecosystem. It's another step in allowing you to identify everything that uses your email domain.
Why use DMARC?
improves email deliverability
lowers the risk of email phishing attacks
protects domain reputation
provides thorough authentication reporting
enforces sender policies
Still confused about all of these acronyms? Check out our videos on DNS, SPF, and DKIM. You can also visit our Check Your DMARC webpage and submit a form with your question!