DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol designed to protect your domain from same domain name email phishing attacks. It works with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to enhance email security.
DMARC policies define how recipient servers handle emails that fail SPF check and DKIM check:
DMARC is a TXT record that you add to your domain's DNS settings. It doesn't need any integration or installation with your current email setup. You don't have to change your MX or SMTP server details.
Simply insert the DMARC record into your domain's DNS settings, as recommended by your DMARC service provider like GoDMARC. Or if you've made your own DMARC records, you can create them here.
DMARC operates at the DNS level, where both the sender and recipient servers follow the policies defined in the DNS records.
DMARC policies start with none(p=none), quarantine(p=quarantine) and finally Reject(p=reject).
Before getting started with the policies, let's understand what the DMARC records look like and the meaning of their various tags.
P=none: Monitoring Mode
By implementing this policy, the sender's domain tells the recipient server not to take action on any emails that fail SPF and DKIM checks. If the sender's domain has included an RUA tag, the recipient server will begin sending DMARC XML reports to the email address specified in the RUA tag.
P=quarantine: Redirects Emails to Spam Folder
When DMARC policy is set to quarantine, any email failing SPF and DKIM checks will end up in the recipient's spam folder. The sender will also get DMARC reports at this stage. However, phishing or spoofed emails may still reach the recipient's server until this DMARC stage.
DMARC Reject: Final Action Stage
To get the most out of DMARC, you need to set your DMARC policy to p=reject. This means that any email that fails SPF and DKIM checks won't be accepted by the recipient server. This is the final policy of DMARC, where emails failing authentication are rejected.
To apply these policies, you need to use the DMARC dashboard to see if any legitimate SMTP sources fail SPF and DKIM authentications. Otherwise, your genuine emails might be rejected or quarantined (depending on the DMARC policy stage). While most major ESPs check for DMARC records, some older servers haven't adopted this, allowing spoofed emails to be delivered even if the DMARC policy is set to quarantine or reject.
While the primary functionality of DMARC is preventing email scamming and domain misuse, GoDMARC offers several organizational benefits
Email Security: With all 3 email protocols in place, your domain name is protected against email phishing attacks, whether it's a BEC(Business Email Compromise) attack or an external attack like B2B (Business-to-Business) or B2C(Business-to-Consumer) using the same domain name. Before getting started with the policies, let's understand what the DMARC records look like and the meaning of their various tags.
Improved Email Delivery: With the GoDMARC dashboard, all your legitimate SMTP sources are aligned and authenticated according to DMARC standards. This enhances email delivery, whether it's for corporate emails or marketing purposes.
Protecting Brand Reputation: When you set your DMARC policy to reject and implement a BIMI VMC certificate, it helps build trust and improves your brand's reputation.
Reporting and Visibility: GoDMARC provides detailed analytics of emails failing or passing SPF, DKIM authentication and alignment. It identifies who is attempting to spoof your domain and from which IP address.
Implementing DMARC doesn’t require changes to your email server settings. With GoDMARC, you only need to insert the
generated DMARC record into your domain’s DNS.