The State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Learn more about the DMARC authentication standard, and how Mimecast uses DMARC, SPF and DKIM to protect against malware and targeted cyber attacks.
Anyone involved in email security today is likely familiar with the DMARC standard and its role in helping to secure email from threats like spam, phishing and email spoofing. But What is DMARC exactly, and how does it add another layer of security to business email systems?
DMARC is Domain-based Message Authentication, Reporting and Conformance, a technical standard that helps protect email senders and recipients from advanced threats that can be the source of an email data breach. DMARC email security provides a way for domain owners to outline their authentication practices and specify the actions to be taken when an email fails authentication. DMARC also provides a way for recipients to report on email that fails authentication.
DMARC benefits businesses by providing another layer of protection that guards against attacks like impersonation fraud, where an attacker uses a legitimate domain to send a fraudulent message.
Now lets get into some of the specifics of DMARC.
Sender Policy Framework, or SPF, is an email validation protocol used to verify the legitimacy of a sender's domain by defining which IP addresses are allowed to send email from a specific domain. DMARC is an authentication protocol that builds on the SPF standard and enables domain owners to specify how email should be handled when it fails authentication.
DomainKeys Identified Mail (DKIM) is another authentication protocol that allows a sender to digitally sign an email with the organization's domain name, ensuring the message's authenticity. As with SPF, DMARC builds on the DKIM standard by enabling senders to say how messages that fail authentication should be treated.
DMARC is a protocol for authenticating that an email sent from an organization's domain is a legitimate message and not fraudulent.
A DMARC record appears in the sending organization's DNS database. Published as text (TXT) resource records (RR), DMARC records specify what the recipient of an email should do with mail that fails authentication.
DMARC domain alignment is part of the DMARC compliance and validation process. For SPF, domain alignment requires that a message's From domain and its Return-Path domain must be the same. For DKIM, domain alignment means that the From domain and a message's DKIM signature must be a match.
Learn more about the DMARC authentication standard, and how Mimecast uses DMARC, SPF and DKIM to provide advanced malware protection from impersonation fraud and other targeted attacks.
What is DMARC?
DMARC is the Domain-based Message Authentication, Reporting & Conformance protocol for email security. DMARC uses the Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM) protocol to enable a receiving mail server to determine whether an inbound message is legitimate. DMARC ensures that legitimate email is authenticating against the DKIM or SPF standards, and blocks email that fails to authenticate on both protocols.
DMARC also enables senders to receive aggregate and forensic reports about which messages are authenticating, which are not and why.
What is a DMARC record?
A DMARC record is a DNS TXT record published in a domain’s DNS database that tells receiving mail servers what to do with messages that don’t align or authenticate with SPF and DKIM. The DMARC record enables reports to be sent back to the domain owner about which messages are authenticating and why.
What is DMARC’s greatest benefit?
DMARC helps to block illegitimate email from an organization’s domain that are used in phishing attacks and other types of cybercrime. In addition to helping to prevent other organizations and individuals from falling prey to these attacks, DMARC enables organizations to avoid the damage to reputation that occurs when a domain is successfully used in a phishing scheme. Additionally, DMARC reporting provides greater visibility into which emails are authenticating with SPF and DKIM, helping to improve email delivery.
What is DMARC compliance?
An email is DMARC compliant when it both authenticates and aligns with SPF and DKIM protocols. An organization is in DMARC compliance when its DMARC protocols have been correctly configured and implemented for all email domains within the organization.
What is DMARC’s ability to protect against spoofing?
DMARC can help to successfully prevent direct domain spoofing, where attackers use an organization’s exact domain name in the “from” address within an email. However, DMARC cannot prevent look-alike domain spoofing, where attackers use a domain name that is a slightly altered version of a legitimate domain. Also, DMARC cannot prevent display name spoofing, where the name of the sender appears to be a trusted contact even though the underlying “from” email address may not be legitimate. And DMARC can’t provide protection against newly registered domains that are often used to initiate attacks for several hours or days before being shut down. For these reasons, most organizations opt for a multilayered approach to email security that uses DMARC in association with a variety of other defenses.