DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol that helps to prevent email spoofing. DMARC allows the owner of a domain to specify which mechanisms (such as SPF and DKIM) are used to authenticate emails sent from their domain and what to do if an email fails authentication.
Authentication
DMARC builds upon two existing email authentication techniques: SPF and DKIM
- SPF (Sender Policy Framework) indicates which IP addresses are allowed to send emails on behalf of a domain.
- DKIM (DomainKeys Identified Mail) adds a digital signature to the emails to verify that the message wasn't altered during the transfer.
Along with the Authentication and Alignment check is performed for both protocols.
- SPF Alignment: checks to find a match between the From address domain and the Return-path (bounce-back) domain.
- DKIM Alignment: checks to find a match between the "d=" tag domain and the From address domain.
Reporting
After performing the necessary checks reports are being sent to the RUA/RUF email addresses added in the DMARC record of the domain. The reports are generated by the receiving's side ESP. This reporting helps domain owners identify potential unauthorized use of their domains (e.g., phishing attempts) and take corrective actions.
Conformance
DMARC allows the domain owner to publish a policy instructing the receiver what to do with the email after performing the checks of SPF/DKIM protocols. The policy can instruct the receiver to:
- Monitor (policy "none"): During this stage no restrictions are put on the emails failing DMARC, but reports are being received about emails claiming to be from the domain, including information about whether those emails passed SPF and DKIM checks.
- Quarantine: Send the suspicious emails failing DMARC to junk or spam folders.
- Reject: Completely reject emails that fail authentication checks.