Mimecast's DMARC solution builds on the DKIM protocol as well as the SPF protocol to provide a stronger defense against spoofing.
DomainKeys Identified Mail (DKIM) is a technique for authenticating email that allows the receiver to verify that the message was sent and authorized by the owner of a domain. The protocol uses a cryptographic signature – an encrypted header added to the message – to verify that the email is authentic and that it has not been changed in transit. The receiver uses a public key found in the DKIM record in the domain's DNS to decrypt the DKIM signature and authenticate the message.
While the protocol is helpful, DKIM alone is not a guaranteed way of preventing spoofing attacks. The DKIM information is not visible for a non-technical user and does nothing to address the possibility that the sender is spoofing the "from" address in the email – the only information that most users see. The private keys used to sign messages with DKIM can be stolen by hackers. And managing public keys can be a time-consuming burden for email security teams.
DMARC, or Domain-based Message Authentication Reporting & Compliance, builds on the DKIM protocol as well as the Sender Policy Framework (SPF) protocol to provide a stronger layer of defense against email spoofing. DMARC ensures that the visible "from" address matches the underlying IP address to prevent spoofing. In order to pass the DMARC checks, a message needs to pass DKIM authentication and/or SPF authentication. The DMARC Analyzer app further provides instructions for how the emails that have failed the DMARC checks should be handled.
The DMARC protocol can significantly minimize the damage attackers can cause through spoofing and or phishing attacks. However, it can be time-consuming and difficult to deploy DMARC without superior tools and qualified help. That's why more organizations turn to Mimecast when seeking to implement DMARC with minimal effort and delay.
Mimecast DMARC Analyzer provides the tools and resources you need to implement DMARC quickly and easily while minimizing cost, risk and effort. DMARC Analyzer serves as an expert guide, providing analyzing software that enables the shortest time possible for publishing your reject policy. This Mimecast solution offers full insight into your email channels to make sure legitimate email does not get blocked, and delivers alerts, reports and charts that simplify the task of monitoring performance and enforcing authentication.
With Mimecast DMARC Analyzer, you can:
DMARC Analyzer provides a collection of self-service email intelligence tools to accelerate and simplify implementation of DMARC policy on the gateway.
DMARC Analyzer is part of a comprehensive suite of solutions for managing and protecting business email.
DKIM, or DomainKeys Identified Mail, is an email authentication method that uses a digital signature to let the receiver of an email know that the message was sent and authorized by the owner of a domain.
DKIM record is a line of text within the DNS record that contains the public key which receiving mail servers can used to authenticate the DKIM signature.
A DKIM record check is a tool that tests the domain name and selector for a valid published DKIM record. Mimecast offers a free DKIM record checker that can validate DKIM records. Mimecast also offers a free SPF validator and free DMARC record checks.