DMARC stands for ‘Domain-based Message Authentication, Reporting & Conformance’ and is an email-authentication protocol designed to protect your domain against impersonation. Problems caused by incorrect email security configuration don’t just affect IT departments; they can affect the whole business.
When properly configured with a policy of REJECT, DMARC builds on two existing protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to check that emails sent using your domain are legitimate, preventing attackers from impersonating your brand and damaging your reputation.
DMARC can also improve deliverability rates for marketing/bulk emails by signalling that they come from a reputable source, because receiving organisations record and report back the validation status of each email they receive claiming to be from your domain.
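As an added illustration of the reporting described above (example code, not from the original page nor from Red Sift or Autodata), here is a small Python parser for a DMARC aggregate (RUA) report that summarises, per sending source, how many messages passed and what the receiver did with them. The report XML, IP addresses, domains and counts are constructed sample data in the standard aggregate-report layout.

```python
"""Parse a DMARC aggregate (RUA) report and summarise the authentication
results per sending source.

Added example, not part of the original page. SAMPLE_REPORT is a
constructed report in the RFC 7489 aggregate-report layout; the IP
addresses, domains and counts are made up for illustration.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report: one source that passes and one that fails.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <p>reject</p>
    <adkim>r</adkim>
    <aspf>r</aspf>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>35</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Return (published policy, per-source summary) for a RUA report.

    The summary maps source IP -> {"messages", "passed", "dispositions"}.
    A message counts as passed when the receiver's alignment-aware DKIM
    or SPF result is "pass".
    """
    root = ET.fromstring(xml_text)
    policy = root.findtext("policy_published/p")
    summary = defaultdict(lambda: {"messages": 0, "passed": 0, "dispositions": set()})
    for record in root.findall("record"):
        row = record.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        entry = summary[ip]
        entry["messages"] += count
        if evaluated.findtext("dkim") == "pass" or evaluated.findtext("spf") == "pass":
            entry["passed"] += count
        entry["dispositions"].add(evaluated.findtext("disposition"))
    return policy, dict(summary)


def failing_sources(summary):
    """Source IPs for which every reported message failed DMARC: either a
    legitimate sender you have not authorised yet (shadow IT) or
    someone sending on your domain's behalf without permission."""
    return sorted(ip for ip, e in summary.items() if e["passed"] == 0)


if __name__ == "__main__":
    policy, summary = parse_aggregate_report(SAMPLE_REPORT)
    print(f"published policy: p={policy}")
    for ip, e in sorted(summary.items()):
        print(f"{ip}: {e['passed']}/{e['messages']} passed, "
              f"dispositions={sorted(e['dispositions'])}")
    print("sources failing everything:", failing_sources(summary))
```

Real reports arrive by email as compressed XML attachments to the address in the record's rua= tag; feeding each one through a parser like this is what a monitoring product automates at scale.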
Your DMARC status is publicly available information: the DMARC record for your domain is published in DNS, so anyone can look it up.
Having NO DMARC configuration on your domain(s) leaves your organisation particularly vulnerable to email impersonation and domain-based phishing attacks.
There are three policy stages of DMARC implementation: REPORT, QUARANTINE and REJECT.
Achieving the policy of DMARC in REJECT (p=reject) is the ultimate aim for your company’s email security, deliverability and brand reputation:
- REPORT (p=none): you are in reporting mode; this policy allows all emails to reach the receiver, regardless of whether or not they pass authentication.
- QUARANTINE (p=quarantine): emails which fail DMARC validation are sent to the receiver’s junk/spam folder.
- REJECT (p=reject): your DMARC is properly configured. However, for your DMARC record to carry on protecting your organisation, it needs regular care and attention, especially as the email-sending habits of your domain will change over time.
Examples of things that can still affect your DMARC results even once you are at ‘p=reject’ include:
- Email Forwarding – your SPF could break when someone forwards an email
- Misalignment – your DKIM keys can get out of sync if you use third-party sending services
- Server Overload – sometimes an ISP may turn off DKIM checks if high processing is required
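An added example (not code from the original page, Red Sift or Autodata) that ties the three policy stages above to how DMARC actually combines SPF and DKIM: a record is parsed and classified as REPORT, QUARANTINE or REJECT, and a message is then evaluated the way a receiver would, including the forwarding case (SPF fails, aligned DKIM survives) and the misalignment case (a third-party sender authenticating under its own domain). The DMARC records, the domains example.com, forwarder.example and mailer.example, and the simplified "last two labels" organisational-domain rule are assumptions for illustration.

```python
"""Classify a DMARC record's policy stage and evaluate a message the way
a receiver does: SPF or DKIM must pass AND align with the From domain.

Added example, not part of the original page. Records, domains and the
simplified organisational-domain rule are constructed assumptions.
"""

# p= value -> the stage name used in the text above.
STAGES = {"none": "REPORT", "quarantine": "QUARANTINE", "reject": "REJECT"}


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record (the value published at _dmarc.<domain>)
    into a dict of tags; raise ValueError if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: needs v=DMARC1 and p=")
    # Alignment mode defaults to relaxed ("r") when adkim/aspf are absent.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def policy_stage(txt):
    """Return REPORT, QUARANTINE or REJECT for a DMARC record."""
    return STAGES[parse_dmarc_record(txt)["p"].lower()]


def org_domain(domain):
    """Organisational domain, simplified to the last two labels.
    Assumption for this example: real implementations consult the
    Public Suffix List instead."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ("s") alignment needs an exact match; relaxed ("r") only
    needs the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record_txt, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Apply DMARC to one message.

    spf_domain is the MAIL FROM domain SPF was checked against and
    dkim_domain the d= of the validated signature. Returns "pass" or the
    published disposition (none / quarantine / reject) on failure.
    """
    tags = parse_dmarc_record(record_txt)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"].lower()


# Constructed record for the placeholder domain example.com.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    print("stage:", policy_stage(RECORD))
    # Forwarded message: SPF fails on the forwarder's IP, DKIM survives.
    print("forwarded:", evaluate(RECORD, "example.com",
                                 "fail", "forwarder.example", "pass", "example.com"))
    # Third-party sender signing with its own domain: both pass, neither
    # aligns with example.com, so the message is rejected under p=reject.
    print("misaligned:", evaluate(RECORD, "example.com",
                                  "pass", "mailer.example", "pass", "mailer.example"))
```

The two scenarios in the usage section are the first two bullets above: forwarding is survivable as long as a DKIM signature aligned with your domain is present, whereas a third-party service that authenticates only under its own domain fails DMARC no matter how valid its SPF and DKIM results are, which is why such services must be set up to sign with (or send from) your domain before you move to p=reject.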
To provide the necessary visibility with notifications and the tools to put things right again, we highly recommend a monitoring and reporting product like OnDMARC from Red Sift.
To help you understand whether your domains are at risk or not, Autodata offers a free, no-obligation DNS Intelligence Report using Red Sift’s tool, which will:
- give you a full overview of your DNS configuration
- identify all email sending sources, both legitimate and illegitimate
- identify shadow IT
- display locations of any illegitimate sending sources
- provide intelligence into any IPs sending emails on behalf of your organisation
- provide full detail on how to protect your clients against impersonation