Domain-based Message Authentication, Reporting & Performance (DMARC) is an email authentication protocol that is used together with SPF and DKIM to defend against email spoofing. Email spoofing, or domain spoofing, happens when an attacker uses your domain in the "from" field of an email to make the message appear to be sent by someone from your organization. DMARC helps a mail server check whether an inbound message is legitimate, and lets the server know what to do with the message if it fails SPF or DKIM authentication.

What is a DMARC record check?

When deploying DMARC, it's necessary to have a valid DMARC record. A DMARC record check is a tool that tests a DMARC record to see whether it's valid. Mimecast offers a free DMARC record check tool that will parse your DMARC record and display the results. Mimecast also offers SPF and DKIM record checks .

What is a DMARC Policy?

Q: What is a DMARC policy?

A DMARC policy tells receiving email servers what to do with an email that fails a DMARC check . A DMARC policy can specify that the receiver reject, quarantine or do nothing with the email. Rejected emails will bounce and not end up in any folders within the receiving email server. Quarantined emails will be sent to a special folder like a junk/spam folder. Emails for which the DMARC policy is to do nothing will be sent along to the recipient. In all cases, the domain owner receives reports about which messages are authenticating and which are not, enabling the organization to begin analyzing who is sending emails on its behalf.

Overview

What is a DMARC policy?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication method that protects against fraudulent emails. DMARC is an essential first line of defense against phishing emails and similar cyberattacks.

DMARC builds on the SPF and DKIM authentication protocols that are currently widely used. By establishing a DMARC policy, organizations can let receiving email servers know how to validate messages from their domain and what to do with email that fails to authenticate.

While DMARC can provide a critical layer of protection against spoofing attacks, implementing the DMARC protocol and establishing DMARC policy can be costly and complex, and managing and analyzing DMARC reporting on an ongoing basis can be time-consuming. It's no wonder, then, that so many organizations adopting DMARC policy turn to Mimecast for help in implementing and managing the DMARC protocol.

What does a DMARC policy do?

A DMARC policy helps email receiver systems distinguish legitimate and fraudulent emails. If an email doesn’t come from an approved domain, the DMARC alerts the receiver systems and tells them how to respond—isolating any potential threats.

What are the various DMARC policy options?

There are three essential DMARC policy options: “none,” “quarantine,” and “reject”

The “none” policy, also known as “monitor” tells the provider to take no action.
The “quarantine” policy sends any unauthorized emails into a separate folder, similar to a spam folder.
The “reject” policy tells the provider to block any unauthorized emails so that they cannot reach recipients.

Why do you need a DMARC policy?

It’s important to have an active DMARC policy to help protect against phishing attacks and ransomware.

A DMARC policy reduces human error when protecting against cyber threats and enables your organization to respond faster and more efficiently to phishing attacks.

Even if your employees are well-trained to recognize and respond to suspicious emails, a DMARC policy will help save them time and trouble by automatically taking protective action against potential threats.

Which DMARC policy should you implement?

The DMARC policy you should implement largely depends on the nature of information your organization needs to protect. To begin with, it is generally advisable to start with a “none” policy for the purpose legitimizing trusted hosts and domains. This can also help create a sense of any potential threats and monitor suspicious activity without inhibiting any usual legitimate communication.

Once the groundwork has been laid out, the next step is to implement a quarantine policy so that legitimate communication can continue per usual, but there is now an additional layer of security to filter out potential threats.

Finally, those who have greater needs for security will move towards implementing a reject policy. This is usually the case for financial institutions and healthcare organizations, whereas those who have less sensitive data to protect may continue with a quarantine policy.

Defend against domain spoofing with a DMARC policy

As the number of impersonation and spoofing attacks continues to rise, many organizations are turning to DMARC policy and protocols to stop these malware-less attacks.

In a spoofing attack, a cybercriminal sends an email that appears to come from someone in your company in an attempt to trick the recipient into transferring money, revealing credentials, or sharing sensitive information. Spoofed emails may target your own employees and customers as well as suppliers and partners.

Mimecast’s DMARC analyzer

Mimecast’s DMARC analyzer acts as an expert guide, helping to speed and simplify implementation of DMARC policy. With DMARC analyzer, you can move toward a DMARC test protocol and reject policy as fast as possible. This cloud-based solution empowers you to easily manage complex DMARC deployment, providing faster insight into who is sending email on your behalf and determining which email is legitimate and which is not.

Mimecast’s DMARC analyzer enables you to:

Simplify DMARC deployment with a step-by-step approach and self-service tools.
Get 360° visibility and governance across all email channels with an easy-to-use service.
Configure alerts, reports and charts that enable you to enforce DMARC policy sooner and monitor ongoing performance.

Interested in learning more?

A simpler way to establish DMARC policy

To simplify deployment of DMARC protocols and establishment of DMARC policy, Mimecast DMARC Analyzer provides a 100% SaaS-based solution that reduces the time and complexity of enforcing DMARC authentication. DMARC analyzer includes:

Management of unlimited users, domains, and domain groups to easily achieve full coverage.
Forensic reports that streamline the task of tracking down malicious email sources.
Easy-to-digest aggregate reports and charts for faster analysis and DMARC policy enforcement.
Fast and easy updates to DNS records with a setup wizard for DMARC records.
Options for DMARC Office 365.
The ability to track progress over time by reviewing summary daily and weekly reports.
Two-factor authentication to enhance security.
Proactive email prompts that are issued when a DNS record changes.
A managed service option that delivers deployment and project management expertise proven to help reduce risk and enforcing DMARC policy in the shortest time possible.

FAQs: DMARC policy

What is DMARC?

DMARC – or Domain-based Message Authentication, Reporting and Conformance – is a protocol for email authentication, policy, and reporting. Designed to help prevent email impersonation, DMARC allows senders to let recipients know that messages are protected by Sender Policy Framework (SPF) and DomainKeys Identified Message (DKIM) protocols and provides instructions for how to handle messages that don't pass either of these authentication methods.

How do I fix “DMARC policy not enabled”?

The error message “DMARC Policy Not Enabled” means your DMARC policy is active but set to “none” which means it cannot take action with any unauthorized emails.

To fix this, modify your policy mechanism (p) from p=none to p=reject/quarantine.

Where do DMARC quarantine emails go?

DMARC quarantine emails usually end up in a Spam folder or similar equivalent. Depending on how the receiver is programmed to respond, the email may also be temporarily suspended from reaching its recipient altogether and/or scrutinized further for suspicious elements.

Related DMARC Policy Resources

Email Security