How DMARC Helps Protect Email

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email security protocol that helps domain owners protect their email from unauthorized use, such as spoofing, phishing, or scams. DMARC builds on two existing email authentication mechanisms: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).


Here's what we need to know about SPF and DKIM:

  • SPF allows domain owners to publish a list of authorized sending servers for their domain in a DNS TXT record. This way, receiving mail servers can check if the email originated from a legitimate source. For example, if you use Zoho Mail with your domain, they suggest you add their domain zoho.com to the SPF record.

  • DKIM allows domain owners to digitally sign their email messages with a private key and publish the corresponding public key in a DNS TXT record. This way, receiving mail servers can verify the integrity and authenticity of the email by checking the signature against the public key. This also helps ensure that emails have not been altered while moving between sending and receiving mail servers.


DMARC adds an extra layer of protection by allowing domain owners to publish a policy in a DNS TXT record that specifies how receiving mail servers should handle email messages that fail SPF or DKIM checks. The policy can instruct the receiver to reject, quarantine, or accept the email.

DMARC also introduces the concept of alignment, which means that the domain in the SPF-authenticated Mail From address or the DKIM-authenticated d= domain must match or be a subdomain of the domain in the visible From address. Additionally, DMARC allows domain owners to request feedback reports on authentication results. Here is an example of a message that fails alignment:

  • You use a domain called 11111.com to send email using 00000.com.
  • In this case, you would sign your email with a DKIM signature that includes d=00000.com.
  • The recipient's email server would then check the signature you provided and compare its d= domain with the visible From address in your email.
  • If the visible From address is user@11111.com, then there is no alignment between the two domains.

Here are the steps that the recipient mail server goes through when using DMARC:

  1. The receiver looks up the DMARC TXT record for the domain in the visible From address using the format _dmarc.domain.com.
  2. The receiver checks if the email message has a valid SPF and/or DKIM signature that passes the alignment test with the domain in the visible From address.
  3. The receiver applies the DMARC policy based on the outcome of the SPF and/or DKIM checks and the instructions in the DMARC TXT record.
  4. The receiver sends back aggregate or forensic reports to the domain owner based on the request in the DMARC TXT record.
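
The receiver's steps above, sketched in Python as an added example (not code from the original article or from Zoho). It uses the article's definition of alignment and takes the SPF and DKIM verification results as inputs; the function names, the sample record and the report address are constructed assumptions.

```python
# Added example (not from the original article). All domains, records and
# authentication results below are constructed sample values.

def parse_dmarc(txt):
    """Step 1: parse the TXT record found at _dmarc.<From domain> into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(auth_domain, from_domain):
    """Step 2: alignment as the article defines it (same domain or a subdomain)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    # The leading dot stops look-alikes such as evil11111.com from matching.
    return a == f or a.endswith("." + f)

def evaluate(from_domain, record, spf_pass, spf_domain, dkim_pass, dkim_d):
    """Steps 2-3: return (dmarc_result, action) for one message."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain)
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain)
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return "pass", "deliver"
    # Assumption: a missing or unknown p= value is treated like p=none.
    policy = tags.get("p", "none").lower()
    action = policy if policy in ("reject", "quarantine") else "deliver"
    return "fail", action

# Constructed record for the article's example domain; rua= is where
# aggregate reports (step 4) would be sent.
SAMPLE_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@11111.com"

if __name__ == "__main__":
    # The article's example: the DKIM signature verifies, but d=00000.com.
    print(evaluate("11111.com", SAMPLE_RECORD, False, "00000.com", True, "00000.com"))
    # The same message signed with an aligned subdomain instead.
    print(evaluate("11111.com", SAMPLE_RECORD, False, "00000.com", True, "mail.11111.com"))
```

A signature that verifies is not enough on its own: the first call fails DMARC because d=00000.com does not align with the visible From domain 11111.com.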

DMARC is an effective way to prevent email fraud and enhance email security. By implementing DMARC, domain owners can increase their reputation, trust, and deliverability of their email messages, as well as reduce spam and phishing attempts using their domain.

Zoho has some really good resources that go into more depth than this article. Here are some links from their documentation.

DMARC | SPF | DKIM