What is DMARC?
The Advantages of Implementing DMARC
Deploying DMARC helps legitimize email by doing the following:
- Signals whether SPF and/or DKIM authentication is in place for the email domain.
- Tells email receivers (like Gmail and Yahoo) how to handle messages that fail to align with those protocols.
- Gives feedback to the sender about the email itself.
- Helps the email community establish a consistent policy for dealing with messages that fail to authenticate—helping the ecosystem become more secure and trustworthy.
The work required to deploy DMARC is directly related to the size and complexity of an organization’s email infrastructure. An initial assessment should be performed to determine the context in which the deployment project will operate, the complexity of the existing email environment, and the implementation capabilities of the organization. Results of the assessment directly inform project scoping and planning.
When deploying DMARC, it’s best to roll out DMARC across all of an organization’s domains instead of focusing on individual domains. When DMARC is deployed at an organization across the entire domain portfolio, the process of deployment becomes much easier, and the benefits increase to the point where managers get new tools to ensure email is being sent in compliance with the organization’s standards.
The main benefits of implementing DMARC are security, visibility, deliverability, and identity.
- Security: With DMARC you can monitor your email flow for threats and unknown senders and prevent spoofing and phishing emails from being sent from your domain.
- Visibility: DMARC will provide you with detailed insight on all emails sent on behalf of your domain.
- Deliverability: Using DMARC will help ensure your emails are delivered using the same technology that large companies use to deliver their email.
- Identity: DMARC makes your email easy to identify across the huge and growing footprint of DMARC-capable receivers.
Built upon SPF and DKIM
DMARC, an open source standard, uses a concept called alignment to tie the result of SPF and DKIM to the content of an email message.
- SPF has been around since 2003. SPF is a way of publishing a list of servers that are authorized to send email on behalf of a domain.
- DKIM has roots going back to 2005. It is a method of adding a tamper-proof domain seal to a piece of email.
While SPF and DKIM can be used independently of DMARC, adding DMARC makes the information they provide more useful than what each provides separately.
A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM and tells the recipient what to do if neither of these is verified on a particular email (marking it as junk or denying the delivery of the message). The policy is set with the p tag:
- Monitoring (p=none): no impact on mail flows
- Quarantine (p=quarantine): quarantine messages that fail DMARC (e.g., move to the spam folder)
- Reject (p=reject): reject messages that fail DMARC (e.g., don’t deliver the mail at all)
Only 30% of organizations that start deploying DMARC complete the process.