DMARC

What is DMARC?

DMARC is an anti-spam and e-mail security measure that stands for Domain-based Message Authentication, Reporting, and Conformance. It builds on the SPF and DKIM protocols to verify the identity of the e-mail sender. It determines whether or not the e-mail has been altered in transit. DMARC also provides a mechanism for reporting suspicious or fraudulent e-mails to the sender's domain administrator.

When an e-mail is sent, DMARC checks the SPF and DKIM records of the sending domain to verify that the e-mail is from an authorized source. If the e-mail fails either check, it is flagged as suspicious and may be blocked by the receiving mail server. DMARC also checks for conformance with RFC 5322, which specifies the format of e-mail headers. If an e-mail fails this check, it is also considered suspicious.

Once an e-mail has been determined to be suspicious, DMARC provides a mechanism for reporting it to the sending domain's administrator. This report includes information about why the e-mail was flagged as suspicious, which can help the administrator determine if there is a problem with their SPF or DKIM records or if someone is spoofing their domain name.

If you are responsible for administering a domain, you can configure DMARC to take one of three actions when it receives a report about a suspicious e-mail: do nothing, quarantine the mail (read: send to spam), or reject the e-mail outright. The most secure option is to reject all suspicious e-mails, which can result in lost mail and must be used after proper testing.