Skip to main content

DMARC (Domain based Message Authentication, Reporting and Conformance)

Introduction

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities. source

Description

The owner of a domain can, by means of a DNS record, publish a policy that states how to handle e-mail (deliver, quarantine, reject) which is not properly authenticated using SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail).

Read More

Example

As an example, swigg.net is setup with the following DNS record.

Domain Type Value
_dmarc TXT v=DMARC1; p=quarantine; rua=mailto:dustin@swigg.net; ruf=mailto:dustin@swigg.net; sp=none;quarantine; ri=86400

This rule can be read as telling MTA (Mail Transfer Agents) the following.

Component Description
p=quarantine treat mail that fails DMARC check as suspicious
rua=mailto:dustin@swigg.net send aggregated reports to dustin@swigg.net
ruf=mailto:dustin@swigg.net send forensic reports to dustin@swigg.net
sp=none treat mail that fails DMARC check as suspicious for subdomains
ri=86400 send reports every 24 hours (86400 seconds)