What is DMARC?

    Learn more about the DMARC authentication standard, and how Mimecast uses DMARC, SPF and DKIM to protect against malware and targeted cyber attacks.

    Interested in learning more?

    Schedule a demo

    What is DMARC and what is it designed to do?

    Anyone involved in email security today is likely familiar with the DMARC standard and its role in helping to secure email from threats like spam, phishing and email spoofing. But What is DMARC exactly, and how does it add another layer of security to business email systems?

    DMARC is Domain-based Message Authentication, Reporting and Conformance, a technical standard that helps protect email senders and recipients from advanced threats that can be the source of an email data breachDMARC email security provides a way for domain owners to outline their authentication practices and specify the actions to be taken when an email fails authentication. DMARC also provides a way for recipients to report on email that fails authentication.

    DMARC benefits businesses by providing another layer of protection that guards against attacks like impersonation fraud, where an attacker uses a legitimate domain to send a fraudulent message.

    Now lets get into some of the specifics of DMARC.

    <p>What is DMARC and what is it designed to do?</p>

    DMARC compared to SPF and DKIM

    Sender Policy Framework, or SPF, is an email validation protocol used to verify the legitimacy of a sender's domain by defining which IP addresses are allowed to send email from a specific domain. DMARC is an authentication protocol that builds on the SPF standard and enables domain owners to specify how email should be handled when it fails authentication.

    DomainKeys Identified Mail (DKIM) is another authentication protocol that allows a sender to digitally sign an email with the organization's domain name, ensuring the message's authenticity. As with SPF, DMARC builds on the DKIM standard by enabling senders to say how messages that fail authentication should be treated.

    DMARC is a protocol for authenticating that an email sent from an organization's domain is a legitimate message and not fraudulent.

    <p>DMARC compared to SPF and DKIM</p>

    DMARC records and DMARC domain alignment

    A DMARC record appears in the sending organization's DNS database. Published as text (TXT) resource records (RR), DMARC records specify what the recipient of an email should do with mail that fails authentication.

    DMARC domain alignment is part of the DMARC compliance and validation process. For SPF, domain alignment requires that a message's From domain and its Return-Path domain must be the same. For DKIM, domain alignment means that the From domain and a message's DKIM signature must be a match.

    Learn more about the DMARC authentication standard, and how Mimecast uses DMARC, SPF and DKIM to provide advanced malware protection from impersonation fraud and other targeted attacks.

    <p>DMARC records and DMARC domain alignment</p>

    Expert Insight.

    Resources you may be interested in: