Understanding the basics of how DMARC works can seem like a challenge. The reality, however, is that DMARC is not as complicated as you might think, and understanding the basics of how DMARC works is fairly simple.
What is DMARC?
DMARC is an email authentication protocol that protects domains from exact impersonation (it stops bad actors using your brand to send phishing emails). DMARC builds upon SPF and DKIM, two existing email protocols that help authenticate email in different ways.
SPF verifies if an email is sent from a valid IP address, and DKIM verifies if an email is sent from a valid source by using encryption in the header of an email.
Why aren’t SPF and DKIM enough?
The problem with only using SPF and DKIM for your email security is that they do not enforce a policy, so they don’t really add any protection to your domain. In short, they might help to authenticate emails, but they don’t tell recipient servers what to do with the emails that fail authentication.
A DMARC policy of p=reject is essential
This is where DMARC comes in. DMARC uses the authentication that SPF and DKIM provide to enforce a policy. This means that only emails that pass SPF or DKIM authentication will pass DMARC validation and reach your recipient’s inbox. For unauthorized emails, DMARC will deal with them based on the DMARC policy you set. Here are the policies and what each means for unauthorized emails:
- p = none – this means no policy is set, so all emails will be able to reach the recipient, regardless of whether they pass authentication or not
- p = quarantine – this tells recipient servers to send any emails that fail DMARC validation to the junk/spam folder
- p = reject – this is the most powerful policy, and it tells recipient servers to block any emails that fail DMARC validation
Like SPF and DKIM, DMARC has been widely adopted by most major email receivers. This means that you will not only get reports back but the DMARC policy you set will be upheld by them.
Watch how DMARC works
We’ve created a helpful video that explains more about what DMARC is and how it works, you can watch it below!
Do your own SPF, DKIM, and DMARC check today
To get a quick overview of your current SPF, DKIM, and DMARC protocols, try out our free investigate tool below!