Webinars

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. 

DMARC specifications when implemented appropriately would enable organizations to reduce spam and phishing emails sent to their customers and employees from unauthorized senders and domains. It would enable fraud protection, simplified email delivery and domain reputation. In addition it will also benefit the domain management and compliance functions of the organization.

SPF or Sender Policy Framework is a protocol for email message authentication. The SPF specification identifies a set of domains that are allowed to send emails on behalf of an organization. An organization may work with various 3rd parties and enable them to send emails on the firm's behalf (such as marketing emails, payroll etc.). It is implemented using DNS record. SPF is defined in RFC-7208.

DKIM or DomainKey Identified Mail is a protocol for email message authentication. The DKIM specification enables the mail receiver agent to verify that the sender indeed has sent the email. The sender sets the DNS domain record with public key of the sender. The outgoing email server uses the private key of the sender and signs the hash of the email, which the receiver can validate using the public key of the sender (published in the DNS DKIM record).

Companies receiving email from the Internet apply many different methods to analyze incoming messages, including SPF and DKIM as well as spam filters, rate limiters, and many other techniques. But frequently Receiver A is performing one set of checks, while Receiver B makes a different set of checks or treats the messages that fail those checks in a completely different way. So one receiver may treat a message with a little more suspicion if it fails an SPF, while another may subject that failing message to an expensive in-depth analysis to determine if it’s spam or not.

DMARC doesn’t eliminate the need for additional forms of analysis, but it does provide a way for participating senders and receivers to streamline the process by coordinating their efforts. If Receiver A can tell that Sender B is using DMARC, then Receiver A can have more confidence in the decisions they make about messages using Sender B’s domain. Because they can more clearly tell which messages are legitimate and which aren’t, they can reduce their processing overhead while preventing more spam and phishing messages from reaching their customers’ inboxes.

DMARC would restrict the fraudsters from impersonating your domain from sending malicious emails. Since, DMARC would be initially deployed in monitoring mode, you would be able to identify the number of spoofed emails being sent on your organisation name. Once you move to block mode, you would be normally able to see the reduction in the spoofed email which are being rejected by the consumer mailboxes supporting DMARC

In case you implement DMARC on your active domain, you should ideally expect to receive your first aggregate report after 24-48 hours of implementing the DMARC. It also depends on the TTL value set by the organisation on its DNS server.

If the SPF, DKIM and DMARC policy are not properly defined, then there is a possibility of mails going to spam folder. It is always advisable to first implement the DMARC in monitoring mode. Analyse the aggregate reports in order to identify any issues in the implementation and then gradually migrate the mails to quarantine mode. When migrating, one has to subject only small percentage of mails to the DMARC policy so that the impact of the organisation emails are minimal

While the domains that you own is not used for sending emails, the fraudsters may still be using this domain for malicious activity and the end users may fall prey to this attack vector. Hence it is advisable to implement DMARC for these domain as well.