DMARC stands for Domain-based Message Authentication, Reporting & Conformance.
It is a type of email authentication protocol that helps verify the origin of an email and confirm that they are sent from genuine domains.
This method is designed to help organizations prevent cybercriminals from impersonating their domains via email and protect against phishing scams and other email-based cyberattacks.
How it works ?
DMARC uses SPF and/or DKIM authentication mechanisms to verify the authenticity of the sender. Domain owners can add a DMARC record in the zone DNS of their domain. It is a text entry with domain policy specifications.
Depending on the specifications, once DKIM or SPF (or both) pass the check, DMARC authenticates, allowing the mail server to verify the sending domain.
In general, if there is a DKIM signature and the sending server is found in the SPF record, the email will be sent to the recipient's inbox.
If the message fails the authentication, it is processed according to the selected DMARC policy: none, quarantine or reject.
- None: the receiving server doesn't take any action if your emails fail authentication, nor does it protect you from scammers, so we don't recommend setting it up.
- Quarantine: messages originating from your domain that do not pass the DMARC check are quarantined. So the emails will be sent to the spam folder.
- Reject: the receiving server rejects all messages that fail authentication. These emails will not reach the recipient and will cause a bounce.
DMARC also provides reports that are generated on all the emails you receive and provide informations on all the IP addresses that send emails from your domains, which helps spot cybercriminals who are using those domains to send spam and phishing attacks, which appear to come from your domains. They also provide information on how spoofed mail is handled.
How do I create and validate a DMARC record?
To generate a DMARC record, you can use an online tool: DMARC Record Generator
You can validate your DMARC record using this tool: DMARC Checker