Introduction

Email remains one of the most common and convenient means of communication, both for personal and business purposes. However, it's also one of the most vulnerable to cyberattacks. According to Proofpoint (the leading provider of email security for Fortune 100 companies), 94% of cyberattacks are initiated via email. This amounts to approximately 3.4 billion malicious emails each day.

Clearly, the default settings of major email providers are not enough to keep companies safe from phishing, BEC, spoofing, malware, and other email-based threats. With the number and sophistication of threats continuing to rise from year to year, it is more important than ever to protect email with a properly implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy.

So, what exactly is DMARC and why is it so important for email security?

What is a DMARC policy?

A DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy is an email authentication protocol that builds upon two other essential email security protocols: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

Let's look at these three components in more detail:

SPF:

The Sender Policy Framework (SPF) allows domain owners to specify which servers are authorized to send email on their behalf. It creates a DNS (Domain Name System) record that defines the authorized mail servers for the domain. If an email in your name does not originate from an authorized mail server, the email will not be sent.

DKIM:

DomainKeys Identified Mail (DKIM) adds a digital signature to email messages, providing a way for recipients to verify that a message was indeed sent by the domain it claims to originate from.

DMARC:

DMARC serves as an added layer of security on top of SPF and DKIM by enabling organizations to instruct email recipients on how to handle emails that fail authentication checks.

A DMARC policy can instruct recipients to:

  • "Quarantine" or "Reject" emails that fail authentication checks, meaning they should be sent to the recipient's spam or junk folder, or rejected outright.

  • "Monitor" emails that fail authentication checks, meaning receivers should send aggregate and/or forensic reports to the sender about the failed messages without taking immediate action.

With a DMARC policy in place, receivers can distinguish between legitimate and fraudulent email, thereby reducing the risk of employees falling prey to phishing and spoofing attacks.

How to implement DMARC correctly

Implementing DMARC is not a one-time task. Because the policy changes over time, it requires ongoing oversight and tuning, especially if you have multiple separate email domains, as in corporate groups, for example. In that case, each unique company domain needs its own individual DMARC policy, configured to accept email from a defined list of trusted senders and servers and updated consistently to identify and block current and evolving threats.

The first step in implementing DMARC is to go to your DNS server administrator. This is where you can create DMARC records for your domains.

Once activated, a DMARC policy will be automatically set to DMARC’s “monitor” mode (p=none). In monitor mode, you can gather information on your entire email ecosystem, including who is sending emails on behalf of your brand (and who is pretending to do so for gain), what emails are passing authentication tests, and what emails are not.

Although “monitor” mode will flag suspicious emails, it will not block or reject them. For that you need to configure and tailor your policy based on the initial DMARC reports you receive. The information in these reports will allow you to start building a block list (p=reject) so those misusing your brand and domain can no longer do so. However, you need to be able to understand and read DMARC reports in order to make the necessary changes to the policy. This is where people like us come in to help.
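As an added example (not the post's own code), a small Python script that parses a DMARC TXT record and summarises an aggregate report per sending source, the reading step described above for deciding when to move from p=none to p=quarantine or p=reject. The record, report address and IP addresses are constructed for illustration.

```python
# Added example: parse a DMARC DNS record and summarise a constructed
# aggregate (RUA) report by sending source, as a domain owner would before
# tightening the policy from p=none to p=quarantine or p=reject.
import xml.etree.ElementTree as ET

def parse_dmarc_record(txt):
    """Split a DMARC TXT record into its tags; reject non-DMARC records."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid policy tag p=")
    return tags

# Constructed sample aggregate report in the XML format receivers send to the
# rua= address; the IPs, counts and results are invented for illustration.
SAMPLE_REPORT = """<feedback>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>35</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
</feedback>"""

def summarise_report(xml_text):
    """Return {source_ip: (message_count, dmarc_passed)} for a report.

    A message passes DMARC when the receiver reports an aligned DKIM or SPF
    pass in policy_evaluated; a source is marked failing if any row failed."""
    summary = {}
    for row in ET.fromstring(xml_text).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        passed = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        msgs, ok = summary.get(ip, (0, True))
        summary[ip] = (msgs + count, ok and passed)
    return summary

if __name__ == "__main__":
    policy = parse_dmarc_record("v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com")
    print("current policy:", policy["p"])
    for ip, (msgs, ok) in summarise_report(SAMPLE_REPORT).items():
        print(f"{ip}: {msgs} messages, {'pass' if ok else 'FAIL'}")
```

Sources that consistently fail are the candidates to investigate (a forgotten legitimate sender or someone spoofing the domain) before the policy is moved to p=reject.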

Conclusion

The threats to email will continue to grow and evolve in the coming years. Just as AI is transforming business, it is also transforming digital crime. As the sophistication of email attacks increases, so will the potential damage to your business and the cost of repair. Email giants Google and Yahoo already recognize this and have made DMARC activation mandatory for email domains they host. Those that do not activate DMARC will risk email non-deliverability, effectively interrupting key business communication.

A DMARC policy is not difficult or time-consuming to activate, especially with expert help that can also help you maintain and optimize DMARC for multiple domains. It just takes a phone call to your DNS server administrator to get started and flip the activation switch.

Do you know if DMARC is enabled for your email domain?

Use our DMARC verification tool to check if DMARC is enabled for your email domain.