What is a DMARC policy?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email security record, published in DNS, that helps prevent phishing on your email domain. It ties together your SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) email authentication checks and instructs ISPs (receiving mail servers) on what to do with messages that fail them.
To better understand DMARC records, let’s quickly review their security partners.
SPF is an email authentication check in which the ISP looks up the list of hostnames or IP addresses you have approved to send mail for your domain. If the sending server is on that list, the message passes the check.
DKIM is a cryptographic signature added to every authorized email. The ISP looks up the DKIM public key you publish in DNS, verifies the signature carried in the email against it, and issues a pass or fail accordingly.
Both of these are isolated email authentication checks. However, with a DMARC policy, you can connect the two and help the ISP better protect its users and your email domain. DMARC records create a flow of operations for the ISP to follow if a sender fails either or both checks.
For example:
Suppose sender A fails the SPF check. The ISP then runs the corresponding DKIM check. If A fails to authenticate there as well, the ISP consults your DMARC record, and the policy you set in that record determines what happens next.
DMARC policy options are as follows:
- None - The ISP takes no action and the message may reach the inbox. This is useful for early monitoring and observation. However, you remain vulnerable, because spoofed messages can still readily reach users.
- Quarantine - Messages that do not pass email authentication go to a quarantine area if the email server has one available. Otherwise, these messages go to the spam folder.
- Reject - The ISP rejects messages that do not pass email authentication.
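The receiver-side flow described above, as an added example that is not part of the original article: a small Python model that parses a DMARC TXT record and decides what to do with a message given its SPF and DKIM results. It follows the DMARC rule that an aligned pass on either SPF or DKIM is a DMARC pass, and only when both fail does the published policy (none, quarantine, reject) apply. The record text, domain names and helper names are constructed for illustration; the organizational-domain logic is simplified (last two labels) where real receivers use the Public Suffix List.

```python
from dataclasses import dataclass

# Constructed sample DMARC record (not a real domain's record).
# p=  policy for the domain, sp= policy for its subdomains,
# adkim=/aspf= alignment mode (r = relaxed, s = strict), rua= aggregate report address.
EXAMPLE_RECORD = ("v=DMARC1; p=quarantine; sp=reject; adkim=r; aspf=r; pct=100; "
                  "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record into tag/value pairs, filling in the standard defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("DMARC record requires a p= tag")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment unless stated
    tags.setdefault("aspf", "r")    # relaxed SPF alignment unless stated
    tags.setdefault("pct", "100")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels (assumption, see lead-in)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    f, a = header_from.lower(), auth_domain.lower()
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


@dataclass
class AuthResult:
    header_from: str    # domain in the visible From: header (what DMARC protects)
    spf_pass: bool      # did SPF pass for the envelope sender?
    spf_domain: str     # envelope (MAIL FROM) domain that SPF was checked against
    dkim_pass: bool     # did a DKIM signature verify?
    dkim_domain: str    # d= tag of that DKIM signature


def applicable_policy(record: dict, header_from: str) -> str:
    """Assumes the record was published at the organizational domain, so sp= covers subdomains."""
    if header_from.lower() != org_domain(header_from):
        return record["sp"]
    return record["p"]


def evaluate(record: dict, r: AuthResult) -> str:
    """Return 'pass' on an aligned SPF or DKIM pass; otherwise the policy action to apply."""
    spf_ok = r.spf_pass and aligned(r.header_from, r.spf_domain, record["aspf"])
    dkim_ok = r.dkim_pass and aligned(r.header_from, r.dkim_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return applicable_policy(record, r.header_from)


if __name__ == "__main__":
    rec = parse_dmarc(EXAMPLE_RECORD)
    # SPF fails but DKIM passes and aligns: the message still passes DMARC.
    print(evaluate(rec, AuthResult("example.com", False, "example.com", True, "example.com")))
    # SPF passes for an unrelated bulk-mailer domain and DKIM fails: not aligned, so quarantine.
    print(evaluate(rec, AuthResult("example.com", True, "bulkmailer.net", False, "")))
    # Mail claiming a subdomain with both checks failing falls under sp=reject.
    print(evaluate(rec, AuthResult("news.example.com", False, "news.example.com", False, "")))
```

The second case is the one worth noticing when reviewing your own policy: a message can pass SPF for some third-party domain and still fail DMARC, because what DMARC checks is whether the passing identity lines up with the domain shown in the From: header. Moving from p=none to p=quarantine or p=reject changes only the last line of evaluate; the reports sent to the rua= address are what tell you which legitimate senders would be affected before you make that change.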
DMARC ties your email security efforts together and gives you greater control over your email activity. You also receive ongoing reports that alert you to suspicious activity, so you know which senders to allow, quarantine, or reject.