Domain-based Message Authentication, Reporting, and Conformance (DMARC) is one of the key Internet standards that enable email authentication. DMARC builds on two earlier standards, SPF and DKIM, by requiring alignment between the visible ‘From’ header and the usually invisible ‘Return-Path or ‘DKIM signature’ in the headers of each message.
DMARC also enables domain name owners to provide handling instructions — such as pass, quarantine, or reject — for unauthenticated messages. And it adds a reporting mechanism for receivers to provide domain name owners with information about emails sent on their behalf.
How it Works
- Domain name owners publish DMARC records to the Domain Name System (DNS).
- An email receiver receiving an email message searches DNS for published DMARC, DKIM, and SPF records to verify the sender is authorized to use the domain address in the ‘From’ field.
- If a DMARC record exists but the message fails the tests, the receiving mail server follows the instructions in the DMARC policy to deliver, quarantine, or reject the message.
- The receiver sends regular aggregate reports to domain owners, usually daily, detailing information about the number of emails sent using their domain, their authentication status, whether the messages were delivered or not, and which IP addresses those messages originated from.
DMARC Eliminates Same-Domain Name Phishing — DMARC is supported by over 75 percent of the world’s email inboxes, including 100% of the major U.S. inbox providers. That means that when fully enforced, DMARC ensures that only authorized senders can transmit messages on a domain owner’s behalf, and guarantees a match between the visible ‘From’ and the hidden ‘Return-Path’ or ‘DKIM’ field addresses in each message.
DMARC Increases Email Deliverability — When set to a policy of enforcement, DMARC reduces unwanted emails sent by impostors hijacking your domain name. Such emails damage a company’s reputation among customers and spam filters, hurting deliverability. DMARC at enforcement puts a stop to that, and as a result domain owners see a substantial improvement in email deliverability.
DMARC Provides Global Visibility — When properly utilized and interpreted, DMARC’s reporting mechanisms provide information about services sending email on your behalf, and can give you full visibility over your email ecosystem.