DMARC (Domain based Message Authentication, Reporting and Conformance)

Introduction

~~Sender Policy Framework~~DMARC (~~SPF)~~Domain-based Message Authentication, Reporting and Conformance) is an email authentication ~~method~~protocol. It is designed to ~~detect~~give ~~forging~~email ~~sender~~domain ~~addresses during~~owners the ~~delivery~~ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of ~~the~~implementing ~~email. SPF alone, though,~~DMARC is ~~limited only~~ to ~~detect~~protect a ~~forged~~domain ~~sender~~from claimed in the envelope of the email which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing), a technique oftenbeing used in business email compromise attacks, phishing emails, email scams and ~~email~~other ~~spam.~~cyber threat activities. source

Description

~~SPF~~The owner of a domain can, by means of a DNS record, publish a policy that states how to handle e-mail (deliver, quarantine, reject) which is ~~the~~not ~~most~~properly ~~basic~~authenticated ~~email authentication method. It involves simple DNS records that allow you to specify what servers email can originate from for the domain specified in the~~using ~~email~~SPF ~~envelope~~(Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail).

Example

As an example, swigg.net is setup with ~~two~~the ~~SPF~~following ~~rules.~~DNS record.

sp=none;

Domain	Type	Value
@_dmarc	TXT	v=~~spf1~~DMARC1; mxp=quarantine; ~~include:_spf.google.com~~rua=mailto:dustin@swigg.net; ~~include:me.com~~ruf=mailto:dustin@swigg.net; ~~-all~~
*	~~TXT~~	~~v=spf1 mx:swigg.net -all~~ri=86400

~~These~~This ~~two entries~~rule can be read as ~~follows:~~telling MTA (Mail Transfer Agents) the following.

~~Any~~

~~email~~

~~ending~~

@swigg.

has

from

one

of

the

or

from

a

Google/Apple

Any

other

server sending email on behalf of this domain will be rejected.



Any email ending in @*.swigg.net has to originate from one of the MX records defined for swigg.net. Any other server sending email on behalf of these domains will be rejected.

Component	Description
p=quarantine	treat mail that fails DMARC check as suspicious
rua=mailto:dustin@swigg.net	send aggregated reports to ~~originate~~`dustin@swigg.net`
ruf=mailto:dustin@swigg.net	send MXforensic ~~records~~reports ~~defined~~to `dustin@swigg.net`
sp=none	treat mail that fails DMARC check as suspicious for ~~swigg.net~~subdomains
ri=86400	send ~~server~~reports ~~defined~~every in24 ~~their~~hours ~~SPF~~(86400 ~~policy.~~seconds)