DMARC and DMARC records
Cristian Rat
Last Update 8 months ago
TL;DR;
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is another email authentication protocol designed to protect your domain from email spoofing. It builds on top of two existing standards, SPF and DKIM, and gives domain owners more control over how their emails are authenticated and what happens if authentication fails.
How DMARC Works (Simplified):Setting Up DMARC:
- We provide a DMARC policy that you publish in your DNS records.
- This policy tells receiving email servers what to do if an email claiming to be from their domain fails SPF or DKIM checks.
SPF and DKIM Checks: When an email is sent, the recipient’s email server checks if it passes SPF (Sender Policy Framework) and DKIM authentication. DMARC requires that at least one of them passes and that the domain aligns (matches) with the sender’s address.
DMARC Policy Action: If the email fails these checks, the DMARC policy tells the recipient what to do:
- None: Take no action, just monitor.
- Quarantine: Treat the email suspiciously (often sending it to the spam folder).
- Reject: Block the email entirely.
Receiving Reports: DMARC also offers reporting. The domain owner can receive reports from mail servers detailing who’s sending emails on their behalf, whether they passed or failed authentication, and how often.
- Protects Against Spoofing: DMARC ensures that fraudulent emails pretending to come from your domain are identified and handled according to your policy.
- Increases Email Trustworthiness: By setting up DMARC, you ensure that only authorized senders can use your domain, boosting the likelihood that your emails will be delivered properly.
- Reports Give Insight: You’ll get visibility into who’s sending emails from your domain and can take corrective action if necessary.