DMARC, SPF & DKIM

What is DMARC and How does it work?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol created to protect business domains and brands from spoofing attacks. An attacker can pretend to be your company in order to send phishing email to your customers, business partners, and employees.


DMARC builds on senders and receivers collaborating: it improves the mail authentication practices of senders and enables receivers to reject unauthenticated messages. DMARC is built on two technologies: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).


SPF - (Sender Policy Framework)
If you implement SPF, you publish an SPF record in the DNS for your domain. When a receiver gets an email from your domain, it compares the IP address of the sending server with the authorized IPs in the SPF record. If the message arrives at the receiver's server from an IP that is not on this list, it fails the SPF check.

DKIM - (DomainKeys Identified Mail)
DKIM attaches a digital signature to authorized emails. When an unauthorized sender tampers with your emails or sends an email from your domain, the receiving server can detect this and stop the email from being delivered.


In order for a message to pass DMARC, it has to pass either SPF or DKIM authentication. If an email fails both, the receiving server checks your DMARC policy to decide what to do next. Your DMARC record sets the policy to one of 3 options:

  • p=none — Even emails that fail authentication are delivered to the receiver’s inbox.

  • p=quarantine — Unauthenticated emails go to the spam folder.

  • p=reject — Emails that fail DMARC are not delivered to the recipient.