DMARC (Domain based Message Authentication, Reporting and Conformance)
Introduction
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities. source
Description
The owner of a domain can, by means of a DNS record, publish a policy that states how to handle e-mail (deliver, quarantine, reject) which is not properly authenticated using SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail).
Example
As an example, swigg.net is setup with the following DNS record.
| Domain | Type | Value |
|---|---|---|
| _dmarc | TXT | v=DMARC1; p=quarantine; rua=mailto:dustin@swigg.net; ruf=mailto:dustin@swigg.net; sp=quarantine; ri=86400 |
This rule can be read as telling MTA (Mail Transfer Agents) the following.
| Component | Description |
|---|---|
| p=quarantine | treat mail that fails DMARC check as suspicious |
| rua=mailto:dustin@swigg.net | send aggregated reports to dustin@swigg.net |
| ruf=mailto:dustin@swigg.net | send forensic reports to dustin@swigg.net |
| sp=none | treat mail that fails DMARC check as suspicious for subdomains |
| ri=86400 | send reports every 24 hours (86400 seconds) |
No Comments