What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication technique. DMARC was created by PayPal together with Google, Microsoft and Yahoo!. With DMARC a domain owner publishes a DMARC record and will gain insight and control over the email send on his behalf. You can use DMARC to protect your domains against abuse in phishing or spoofing attacks.

As a website owner, you want to know for sure that your visitors or customers will only see emails that you have sent yourself. Therefore, DMARC is a must for every domain owner. Securing your email with DMARC gives email receivers certainty whether an email is legit and has originated from you. This results in a positive impact on email delivery and also prevents others from sending email using your domain.

Watch our video: DMARC explained

History of DMARC

DMARC is a standard first published in 2012 to prevent email abuse. Several industry leaders have worked together to create the DMARC specification. It is based on the existing authentication techniques SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail).

DMARC is originally developed as an email security protocol adopted mostly by security experts in the financial industry. Currently the adoption of DMARC is becoming more spread over the online landscape and DMARC is more and more recognised by email marketeers as an aspect of online security and improved deliverability.

DMARC is currently supported by all major ISP’s (such as Google, Microsoft, Yahoo! etc). DMARC is awaiting approval to become an open standard approved The Internet Engineering Task Force (IETF).

DMARC in practice

When using DMARC Analyzer you will receive DMARC reports from email receivers which contain detailed information about the sources sending email on your behalf. Use this data to further protect your brand and domain.

Many famous and harmful phishing attacks used identities of trustworthy organisations like banks, lotteries, charities and big ecommerce platforms. Brands of these organizations have been abused to send out fraudulent phishing emails to extract passwords or encourage to fraudulent payments. DMARC appeared to the right answer to prevent these attacks and protect your brand and domain name. Famous examples of organisations which actively block phishing and spam attacks with DMARC are: Paypal, Google, Facebook, AOL, Microsoft and XS4All.

What is DMARC