What is DMARC?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is a protocol that uses Sender Policy Framework, (SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message.
It helps protect email senders and recipients from spam, spoofing, and phishing.
How DMARC works?
- The domain owner creates and publishes a DMARC DNS Record.
- When an email is sent by the domain (or someone is attempting to spoof the domain), the recipient mail server will verify if the domain has a DMARC record.
- The mail server performs DKIM and SPF authentication and alignment tests to verify if the sender is really the domain it says it is.
- Does the message have a proper DKIM-Signature?
- Does the sender’s IP address match authorized senders in the SPF record?
- Do the message headers pass domain alignment tests?
- Based on the DKIM & SPF results, the server will decide what to do with the message according to the DMARC policy. This policy basically says: Should I quarantine, reject, or do nothing to the message if the message has failed DKIM/SPF tests?
- The receiving mail server will send a report (to the email address specified in the domain’s DMARC record) on the outcome of this message. The reports are called Aggregated Reports, which provides an overview on the usage of email domain across the internet.