How does it work?
A DMARC policy allows the sender to indicate that their messages are protected, and advises the receiver what to do – nothing, quarantine, or reject – if a received message does not match the DMARC policy. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.
What are the benefits?
DMARC benefits both recipients and senders. Email recipients are warned if an email is fraudulent or harmful and do not have to guess what to do with emails that fail the DMARC authentication. The senders can now identify how much email is coming from their own domain (or claiming to come from their domain), where it originated, and how recipients are handling the emails.
Can DMARC combat all types of email attacks?
No. DMARC can only provide protection against direct domain spoofing. If the owners/operators of example.com use DMARC to protect that domain, it would have no effect on example.eu (notice the ".eu" vs. ".com").
How to get started?
Although it technically can take less than an hour to build and publish a DMARC record, it is wise to first engage all teams with a stake in email security (security, marketing, fraud prevention, service desk, system administrators, and others) and then consider deploying DMARC in three steps:
- Monitoring mode: In monitoring mode, you advertise to the Internet that you want all DMARC-compliant email receivers to send you reports on who is sending email from your domain. No emails are flagged, blocked, rejected, or quarantined.
- Quarantine mode: In quarantine mode, suspicious messages are flagged for review. This allows you to identify all internal and authorized email servers and ensure they are configured properly.
- Reject mode: In reject mode, spam and phishing messages are deleted by DMARC-protected email servers. This enhances the trust relationship between emails sent by you and received by DMARC-protected mailboxes.
As a final step, DMARC should be leveraged to detect and mitigate threats since it provides valuable reporting information about the amount and structure of phishing attacks and can help to improve fraud intelligence around targeted attacks on your brand.
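The three stages above correspond to the `p=` tag of the DMARC TXT record published at `_dmarc.<domain>` (`none`, `quarantine`, `reject`), and reports are requested with the `rua=` tag. The following is an added example, not part of the original page: it parses a record, reports which stage the domain is in, and flags settings that weaken that stage. The sample records and mailbox addresses are constructed.

```python
# Added example: classify a published DMARC record by rollout stage.
# All domains, addresses and records below are constructed sample data.

STAGES = {"none": "monitoring", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; raise ValueError if malformed."""
    tags = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {part.strip()!r}")
        tags.append((name.strip().lower(), value.strip()))
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    return dict(tags)


def rollout_stage(txt):
    """Return (stage, warnings) for one published record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in STAGES:
        raise ValueError(f"missing or unknown p= value: {policy!r}")
    warnings = []
    if "rua" not in tags:
        # Monitoring is only useful if aggregate reports have a destination.
        warnings.append("no rua= address: receivers have nowhere to send reports")
    if policy != "none" and tags.get("pct", "100") != "100":
        warnings.append(f"policy applied to only {tags['pct']}% of failing mail")
    return STAGES[policy], warnings


SAMPLES = {  # constructed records, one per stage
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "_dmarc.example.net": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.net",
    "_dmarc.example.org": "v=DMARC1; p=reject;",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        stage, warnings = rollout_stage(record)
        print(f"{name}: {stage} mode", *warnings, sep="\n  ! ")
```
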