What is a DMARC policy and what it is used for

DMARC, or Domain-based Message Authentication Reporting and Conformance, is an open source email authentication protocol that provides domain-level protection for the email channel. This authentication detects and prevents email spoofing or impersonation techniques used in phishing, corporate email compromise (BEC) attacks, and other email-based attacks. Taking the existing standards DKIM, DMARC, and SPF as a starting point, the first broad application spectrum technology that can achieve establishing sender header (“From”) domain reliability is DMARC. The domain owner can publish a DMARC record in the Domain Name System (DNS) and create a policy to tell recipients what to do with email that fails authentication.

Therefore, DMARC allows a sender to impose recipient servers to perform certain behaviors on messages that have their own domain (From :), if the SPF and DKIM settings are not valid.

The DMARC email authentication system is used to protect against spoofing or phishing attempts sent by unreliable senders. DMARC can produce daily reports in XML format regarding the flow of emails. This helps verifying that the servers sending emails on your behalf are legitimate.

Set a DMARC policy

Before activating a DMARC policy for your domain, make sure that the SPF record is set correctly.
Setting up a DMARC record requires you to choose how suspicious emails are handled. Emails are considered suspicious when they don't conform to the domain's SPF and DKIM settings.

Policy options (p) are:

  • none: no action is performed on the message;
  • quarantine: messages are marked as spam and moved to the Spam folder of Mail PRO Service;
  • reject: the recipient server is required to reject the message.

Important: We recommend activating DMARC policies gradually, starting from 'None', followed by 'Quarantine' and 'Reject'.
An example of DMARC record could look this:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]

This record instructs recipient servers to mark suspicious messages as spam and sends the daily report to the address [email protected].

To apply the above record, it is necessary to create a TXT type record in the domain DNS:

Record Name: _dmarc.mycompany.com
Record Type: TXT
Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]

Mail PRO services interprets and applies the DMARC policies set by the sender but does not include the sending of daily XML reports.

It is also possible to use web tools to create your own DMARC policies: https://www.kitterman.com/dmarc/assistant.html 

 

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)