What is DMARC.

Overview of DMARC.

Email authentication technologies SPF and DKIM were developed over a decade ago in order to provide greater assurance on the identity of the sender of a message. Adoption of these technologies has steadily increased but the problem of fraudulent and deceptive emails has not abated. It would seem that if senders used these technologies, then email receivers would easily be able to differentiate the fraudulent messages from the ones that properly authenticated to the domain. Unfortunately, it has not worked out that way for a number of reasons.

  1. Many senders have a complex email environment with many systems sending email, often including 3rd party service providers. Ensuring that every message can be authenticated using SPF or DKIM is a complex task, particularly given that these environments are in a perpetual state of flux.
  2. If a domain owner sends a mix of messages, some of which can be authenticated and others that can not, then email receivers are forced to discern between the legitimate messages that do not authenticate and the fraudulent messages that also do not authenticate. By nature, spam algorithms are error-prone and need to constantly evolve to respond to the changing tactics of spammers. The result is that some fraudulent messages will inevitably make their way to the end user's inbox.
  3. Senders get very poor feedback on their mail authentication deployments. Unless messages bounce back to the sender, there is no way to determine how many legitimate messages are being sent that can not be authenticated or even the scope of the fraudulent emails that are spoofing the sender's domain. This makes troubleshooting mail authentication issues very hard, particularly in complex mail environments.
  4. Even if a sender has buttoned down their mail authentication infrastructure and all of their legitimate messages can be authenticated, email receivers are wary to reject unauthenticated messages because they cannot be sure that there is not some stream of legitimate messages that are going unsigned.


The only way these problems can be addressed is when senders and receivers share information with each other. Receivers supply senders with information about their mail authentication infrastructure while senders tell receivers what to do when a message is received that does not authenticate.


What is DMARC?

(DMARC) Domain-Based Message Authentication Reporting is the security email protocol that leverages DNS and uses the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) open protocols to verify email senders.

What is DKIM?

Organizations and their clients are being harmed by malicious emails send on their behalf, DMARC can block these attacks. With DMARC an organization can gain insight into their email channel. Based on the insight this gives, organizations can work on deploying and enforcing a DMARC policy. When the DMARC policy is enforced to p=reject, organizations are protected against: • Phishing on customers of the organization • Brand abuse & scams • Malware and Ransomware attacks • Employees from spear phishing and CEO fraud to happen

What is SPF?

Sender Policy Framework (SPF) is an email authentication method that specifies the mail servers authorized to send an email for your domain. SPF helps protect your domain from spoofing and helps ensure that your messages are delivered correctly. Mail servers that get mail from your domain use SPF to verify that messages that appear to come from your domain actually are from your domain.

DMARC in 5-Easy Step-

DMARC has been designed based on real-world experience by some of the world’s largest email senders and receivers deploying SPF and DKIM. The specification takes into account the fact that it is nearly impossible for an organization to flip a switch to production. There are a number of built-in methods for “throttling” the DMARC processing so that all parties can ease into full deployment over time.

  1. Deploy DKIM & SPF. You have to cover the basics, first.
  2. Ensure that your mailers are correctly aligning the appropriate identifiers.
  3. Publish a DMARC record with the “none” flag set for the policies, which requests data reports.
  4. Analyze the data and modify your mail streams as appropriate.
  5. Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience.

Without DMARC, DKIM & SPF                                                               




Desh Cyber We provide 365-day DMARC reporting & capabilities to protect your brand. Let's talk to our security expert to assess your security posture on-premise, cloud email solutions, Zimbra, and  Mx Exchange  Solutions.

Author: Desh Cyber Security Analyst Team
March 28, 2021

Share on

Are you looking for -

Cyber Security Experts?