Your IP Address:
Located Near:

DMARC

What exactly is DMARC, and how will it help protect me?


Backed by some very large corporations, including Google, American Greetings, PayPal, Microsoft and FaceBook, just to name a few -DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an approach at stopping or reducing email spam and phishing attacks.

The DMARC specification is based around existing email authentication using SPF or DKIM. This will effectively allow email senders, when sending email to receivers implementing DMARC, to experience more uniform authentication.

The domain owner publishes the policy and the server that receives the email can check to make sure its valid based on the receiving server policies - just as it would with SPF, however now it is instructed with what to do with any messages that fail to pass authentication. This takes the burden off the receiver from deciding whether the message is legitimate or not and what to do with the message; quarantine, reject, nothing. DMARC also adds a provision for AFRF, or Authentication Failure Reporting Format (RFC 5965) -which allows reports to be passed back to the sender containing information about any successes or failures that the receiver may have encountered.

DMARC-ING on...


Here's an example of a DMARC record we use at www.unlocktheinbox.com

"v=DMARC1;p=none;pct=100;rua=mailto:emailaddress@yourdomain.com;ruf=mailto:emailaddress@yourdomain.com;"

You can verify your DNS record exists by simply going to Unlock The Inbox SPF/TXT Records Lookup.

The above record means:
Syntax Definition Example
v Protocol Version v=DMARC1
pct Percentage of messages subjected to filtering pct=100
ruf Reporting URI for forensic reports ruf=authfail@unlocktheinbox.com
rua Reporting URI for aggregate reports rua=aggrep@unlocktheinbox.com
p Policy for organizational domain p=quarantine
sp Policy for subdomains of the OD sp=reject
adkim Identifier Alignment mode for DKIM adkim=strict
aspf Identifier Alignment mode for SPF aspf=relaxed


Click this link to learn more about Email Authentication Identifier Alignments.

Who will I get reports from?


You will get reports from all the different email receivers that has implemented DMARC, although we don't have any way to tell you everyone that has implemented DMARC and the list is ever-growing. We can however share our personal list of email addresses that we received reports from.
  • noreply-dmarc-support@google.com
  • noreply@dmarc.yahoo.com
  • noreply@dmarc-reports.xs4all.net
  • dmarcrep@microsoft.com
  • abuse@163.com
  • abuse@126.com
  • dmarc_support@corp.mail.ru
  • abuse@aol.com
  • dmarc-noreply@linkedin.com
  • postmaster@inteligis.ro
  • reporter@dmarc.andreasschulze.de
  • noc@visp.mx
  • dmarc-noreply@ivenue.com
  • abuse_dmarc@abuse.aol.com
  • report@rosenkeller.org
  • dmarc-report@rosenkeller.org
  • postmaster@junc.org
  • report@dmarc.laussat.info
  • aggregate@dmarc.theartfarm.com
  • postmaster@horizonlinux.org
  • noreply@numeezy.com
  • noreply-dmarc@numeezy.com
  • sun@sunmoonstar.net
  • dmarc-support@alerts.comcast.net
  • abuse@yeah.net
  • postmaster@dmarc.org
  • postmaster@facebookmail.com
  • postmaster@blackops.org
  • postmaster@telesiscomms.com
  • postmaster@web31.iitsp.com
  • dmarc@gcis.biz
  • dmarc@halon.se
  • dmarc@jrschneider.com
  • dmarc@padz.net
  • dmarc@vincenti.com
  • dmarc_reports@thokar.com
  • hostmaster@amfes.com
  • hostmaster@mbrown.co.uk
  • mg@castlehoward.co.uk
  • noreply-dmarc-support@moscow.stalker.com
  • noreply-dmarc-support@opentech.co.jp
  • postmaster@coco.co.uk
  • postmaster@croakingduck.com
  • postmaster@darkblue.co.uk
  • postmaster@freeyournet.com
  • postmaster@kestral.com.au
  • postmaster@llamas.net
  • postmaster@marlesfarm.co.uk
  • postmaster@richmondscientific.com
  • postmaster@spiritofchaos.co.uk
  • postmaster@thesandiegos.com
  • postmaster@visimap.com
  • postmaster@winstanleysbikes.co.uk
  • postmaster@trusteddomain.org
  • report@test.mobileoffice.biz
  • SpamMaster@farley.com
  • SpamMaster@intlbridge.com
  • SpamMaster@myib.com
  • SpamMaster@parcelpool.com
When we get a DMARC report we filter them into a special "DMARC REPORTS" folder to be processed. Other companies built automation features to figure out what places are sending DMARC reports by parsing the attachments. Some companies set their RUA address to companies that will automatically parse and present the data in an easy to read format and graphs. It's up to you to decide how you want to handle your incoming DMARC reports.

Now you're most likely asking How Do I Set Mine Up? That's the easy part. You can just utilize our free DMARC record creation tool!

Generating Your DMARC Record


The easiest way to do this is to use the Unlock the Inbox DMARC Wizard and fill out the questionaire. On the bottom of the DMARC Wizard page, after it generates your DMARC Record, there will be instructions on how to add the records to your DNS.
 
Once the DMARC record is added to your DNS you can send an email to "mailtest@unlocktheinbox.com" and it will return the results letting you know the status of DMARC, SPF, DKIM, Sender ID, and Spam Assassin checks.

Draft Standard: Domain-based Message Authentication, Reporting and Conformance

Source: Unlock The Inbox & DMARC

Sponsored Links

Copyright © 2014 Unlock The Inbox