What exactly is DMARC, and how will it help protect me?
Backed by some very large corporations, including Google, American Greetings, PayPal,
Microsoft and FaceBook, just to name a few -DMARC, or Domain-based Message Authentication,
Reporting & Conformance, is an approach at stopping or reducing email spam
and phishing attacks.
The DMARC specification is based around existing email authentication using SPF
. This will effectively allow email senders, when sending email
to receivers implementing DMARC, to experience more uniform authentication.
The domain owner publishes the policy and the server that receives the email can
check to make sure its valid based on the receiving server policies - just as it
would with SPF
, however now
it is instructed with what to do with any messages that fail to pass authentication.
This takes the burden off the receiver from deciding whether the message is legitimate
or not and what to do with the message; quarantine, reject, nothing. DMARC also
adds a provision for AFRF, or Authentication Failure Reporting Format (RFC 5965
-which allows reports to be passed back to the sender containing information about
any successes or failures that the receiver may have encountered.
Here's an example of a DMARC record we use at www.unlocktheinbox.com
You can verify your DNS record exists by simply going to Unlock The Inbox SPF/TXT Records Lookup.
The above record means:
Percentage of messages subjected to filtering
Reporting URI for forensic reports
Reporting URI for aggregate reports
Policy for organizational domain
Policy for subdomains of the OD
Identifier Alignment mode for DKIM
Identifier Alignment mode for SPF
Click this link to learn more about Email Authentication Identifier Alignments
Who will I get reports from?
You will get reports from all the different email receivers that has implemented DMARC, although we don't have any way to tell you everyone that has implemented DMARC and the list is ever-growing.
We can however share our personal list of email addresses that we received reports from.
When we get a DMARC report we filter them into a special "DMARC REPORTS"
folder to be processed. Other companies built automation features to figure out what places are sending DMARC reports by parsing the attachments.
Some companies set their RUA address to companies that will automatically parse and present the data in an easy to read format and graphs. It's up to you to decide how you want to handle your incoming DMARC reports.
Now you're most likely asking How Do I Set Mine Up? That's the easy part.
You can just utilize our free DMARC record creation tool!
Generating Your DMARC Record
The easiest way to do this is to use the
Unlock the Inbox DMARC Wizard
and fill out the questionaire. On the bottom
of the DMARC Wizard page, after it generates your DMARC Record, there will be instructions
on how to add the records to your DNS.
Once the DMARC record is added to your DNS you can send an email to "firstname.lastname@example.org"
and it will return the results letting you know the status of DMARC, SPF, DKIM,
Sender ID, and Spam Assassin checks.
Domain-based Message Authentication, Reporting and Conformance
Source: Unlock The Inbox &