DMARC – what is it? How does it work? Why is it useful, and what advantages does it offer? Below you will find answers to these questions, among others, along with some basic information about email. Familiarize yourself with it to make your use of email more secure. Let’s dive in!
What is DMARC?
As an authentication mechanism for emails, DMARC (Domain-based Message Authentication, Reporting, and Conformance) protects against impersonation and reports violations when they occur.
It does this by telling the incoming mail server (i.e. the server that handles the addressee’s mailbox) what to do with an email that has been rejected by SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
We call it a mechanism. In general, a DMARC policy is a set of rules that an email server must act on. The DMARC authentication protocol relies on the SPF and DKIM protocols. These technologies complement each other.
Electronic Mail – Basic Terms
Above all, this article is useful for people or companies that use email in their own domain (i.e. the part of the email address after @ is the same as your website address). Most likely, you keep your website with a hosting provider, where in addition to the disk space for your website files, you also get the option to create email addresses in your own domain.
To learn more about DMARC, you need to be familiar with several technical aspects:
- An essential element of DMARC technology is the domain’s DNS zone record. Using records, you can store various advanced configurations for your domain in a DNS zone. Every single record, consisting of name, type, and value, provides some functionality.
- Technically, the mail server is a computer that receives and sends mail. There are two types of servers: outgoing mail servers (responsible for sending messages) and incoming mail servers (responsible for receiving messages).
- SPF (Sender Policy Framework) – a mechanism that verifies whether the sent email comes from a person with the right to use a given domain. The incoming mail server verifies, by checking the appropriate entry in the DNS zone of the domain from which the message was sent, whether the outgoing mail server is authorized to send messages for this domain.
- DKIM (DomainKeys Identified Mail) – an email authentication method using a digital signature in the message header generated from a private key.
How Does DMARC Work?
First of all, you should thoroughly understand the SPF and DKIM protocols. In short, it looks like this:
- The incoming mail server checks if there is a DMARC record in the DNS zone of the domain that appears in the address of the outgoing email.
- If a DMARC record is found, the SPF and DKIM tests are checked.
- The “domain alignment” is checked, i.e. whether at least one of the domains authenticated by the DKIM or SPF protocol is compatible with the domain in the “From” field, which is included in the message header.
- If the message has not passed SPF or DKIM tests, DMARC takes one of the following actions against the incoming message based on the policy specified in the domain DNS record:
  - directs the message to the recipient’s SPAM;
  - completely deletes the message;
  - delivers the email to the recipient’s inbox as normal.
- Additionally, and this is probably one of the most essential elements of this mechanism, DMARC sends a report to the sender of the message, informing them about the details of the event related to sending a given email.
- How DMARC behaves in the event of DKIM and SPF failure depends precisely on the DMARC record in the DNS zone.
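The receiver-side steps listed above, as an added Python example (not code from the original article). The record, domains and report address are constructed samples, and relaxed alignment is simplified to a parent/child domain match, whereas real receivers use the Public Suffix List to find the organizational domain.

```python
# Constructed sample of a TXT record published at _dmarc.example.com
SAMPLE_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; adkim=s"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags, or None if unusable."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    tags["p"] = tags.get("p", "").lower()
    return tags if tags["p"] in ("none", "quarantine", "reject") else None

def aligned(auth_domain, from_domain, strict):
    """Strict: exact match. Relaxed (simplified assumption): parent/child match."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if a == f:
        return True
    return not strict and (a.endswith("." + f) or f.endswith("." + a))

def evaluate(record_txt, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) results of earlier checks.
    Returns (dmarc_result, disposition, report_addresses)."""
    policy = parse_dmarc(record_txt) if record_txt else None
    if policy is None:
        return ("none", "deliver", [])  # no DMARC record: nothing to enforce
    spf_ok = spf[0] and aligned(spf[1], from_domain, policy.get("aspf", "r") == "s")
    dkim_ok = dkim[0] and aligned(dkim[1], from_domain, policy.get("adkim", "r") == "s")
    reports = [u.strip() for u in policy.get("rua", "").split(",") if u.strip()]
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return ("pass", "deliver", reports)
    action = {"none": "deliver", "quarantine": "spam", "reject": "reject"}[policy["p"]]
    return ("fail", action, reports)

if __name__ == "__main__":
    # SPF passed, but for an unrelated domain: not aligned with the From domain
    print(evaluate(SAMPLE_RECORD, "example.com", (True, "mailer.example.net"), (False, "")))
    # SPF passed for a subdomain of the From domain: aligned under relaxed aspf
    print(evaluate(SAMPLE_RECORD, "example.com", (True, "bounce.example.com"), (False, "")))
```

The first call shows why alignment matters: SPF alone passed, yet the message still fails DMARC because the authenticated domain is not the one shown in the “From” field.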
As you can see, once the DMARC record has been configured in the domain’s DNS zone, it contains mailbox identifiers. At these mailboxes, you can receive reports containing a lot of information about whether someone is trying to send emails impersonating your domain.
Beyond the information itself, these reports let you configure the security of your mailboxes better. You will see if, for example, some of your messages have been unnecessarily marked as SPAM. With that knowledge, you can change the DMARC configuration so that your emails do not end up, e.g., in recipients’ SPAM.
Why Is DMARC Worth Using?
DMARC protects you against phishing, i.e. someone impersonating you or your company. The point is to make sure that no one sends email on your behalf. Incoming mail servers reject such emails, so they do not reach the recipients. So, yes: it is worth using DMARC.
General advantages of using DMARC:
- Easy implementation (basic knowledge of adding records to the domain DNS zone is enough).
- It is free technology.
- It perfectly complements the DKIM and SPF protocols.
- Thanks to the reports, you will receive information about whether someone is trying to impersonate your company or person.
- Protection against your messages ending up unnecessarily in the recipient’s SPAM mailbox. This is of great business importance.
To sum up, you know what a DMARC record should look like, so in practice, you should implement this technology yourself (provided, of course, that it has not been implemented yet – some hosting providers install it by default). If you’re not feeling up to it and don’t have the technical know-how, you can hand it off to your hosting provider and ask them to enable DMARC.
Lastly, the DMARC mechanism, in conjunction with the DKIM and SPF protocols, will allow you to provide better protection for your business – often, email correspondence is the basis for maintaining business contacts and carrying out various transactions. It is also worth implementing if you are the owner of, for example, an internet blog, and you correspond with your recipients.