What is DMARC?
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol.
What does DMARC actually do?
DMARC is a protocol that protects your organization from emails sent by fraudulent imposters. The most simplistic analogy is you can very easily send a nasty post mail to Prime Minister Trudeau but put your next door neighbor’s full name and return address on the envelope making the letter completely appear as if it was sent by your innocent neighbor. The exact same applies to email and DMARC is a method to prevent this from happening.
Why would you need it?
Lanworks has several customers in which their internal email address books have been compromised and used by fraudulent imposters to send phishing emails to their own customers. You can imagine the embarrassment and damage control required to convince your best customer that the well-crafted phishing email they just received with your president’s name in the “From” field is in fact fraudulent. This is reality and it happens all the time.
How Does DMARC prevent this?
Now this is the complicated part of this Blog.
DMARC builds on the widely deployed SPF and DKIM protocols, adding ties to the author’s (“From:”) domain name. The SPF and DKIM fields are typically set in your DNS records
SPF: allows senders to define which IP addresses are allowed to send mail for a particular domain.
DKIM: provides an encryption key and digital signature that verifies that an email message was not faked or altered.
DMARC: unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.
The options for a failed email authorization are:
None: treat the mail the same as it would be without any DMARC validation
Quarantine: accept the mail but place it somewhere other than the recipient’s inbox (typically the spam folder)
Reject: reject the message outright and discard it
What Does a Simplistic DMARC enabled Email Flow Look Like?
Summary
DMARC is a very important and effect mechanism to prevent fraudulent or spoofed email and every company should implement it. That being said, DMARC is not that straight forward to correctly setup. Lanworks has the experience to properly deploy DMARC/SFP/DKIM and our professional team would be glad to provide the required consulting to perform the work.