DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.” DMARC is a protocol that uses Sender Policy Framework, (SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message. DMARC requires both SPF and DKIM to fail in order for it to act on a message.
Just like in the case of SPF and DKIM, the purpose of DMARC is to secure emails by adding an extra email authentication protocol. Your DMARC record is published in your DNS records such as SPF, DKIM A Record, CNAME.
Why DMARC Is Important
- Publishing a DMARC record protects your reputation by preventing authorized users from sending mails via your domain.
- In most cases, publishing a DMARC record can result in a positive reputation bump, therefore increased email deliverability.
- Consuming DMARC reports increases visibility into your email program by letting you know who is sending mail from your domain.
- DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem as a whole become more secure and more trustworthy.
How does a DMARC record look like?
You can navigate to https://dmarcian.com/dmarc-inspector/ to view the DMARC record for any domain if they have one published.
Here is an example of DMARC record–this is Relevon’s DMARC record:
Here, v is the version, p is the policy, pct is the percent of “bad” emails on which to apply the policy, and rua is the URI to send aggregate reports to, ruf tells the receiving server where to send forensic reports of DMARC failures.
As DMARC implementation becomes more and more important for ensuring a secure environment and better deliverability, businesses of all shapes and sizes should add a DMARC record to their DNS.