What is DMARC (Domain-based Message Authentication)?

About

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a text DNS Record that indicates to the receiving server what actions should be taken if the emails do not pass the email authentication mechanisms:

It wards off email spoofing

DKIM and SPF should be set before setting a DNS DMARC record.

DMARC has two conditions for an email, but either of them is sufficient to pass the DMARC check:

When does a message pass DMARC ?

To pass DMARC, a message must pass at least one of these checks:

A message fails the DMARC check if the message fails both:

  • SPF (or SPF alignment)
  • DKIM (or DKIM alignment)

DMARC DNS record

The DMARC is a TXT record with the relative name _dmarc that contains a series of options called record tags.

The only mandatory tag is v=DMARC1.

For instance, for the most relax policy (ie none policy), you could enter the following DNS record

_dmarc.example.com IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"

where the options are called record tags and

Policy

The policy defines the action taken on messages by the receiving server when they don’t pass the DMARC checks.

Policy Description Report
none no action is taken Yes
quarantine Send messages to the recipient’s spam or quarantine folder Yes
reject send a bounce No

Report

The Damrc report is sent via the email configured in the rua property of the DMARC record.

You can then monitor the effectiveness of your email operation/

Example:

Check

https://dmarcian.com/dmarc-inspector/

Documentation / Reference





Discover More
Map Of Internet 1973
DNS - Record

A DNS record is a row in a DNS database. Example of a A record. where: api is a relative name IN is the INTERNET class (An other value is ANY) A is the A record 164.132.99.202 is the Ip address...
How to configure your server to send Email properly?

Configuring your domain to manage email is not an easy task, this article groups them in one place
Web - Security

in a Web app Email Dmarc Cross-site Scripting ... s-rah/onionscanonionscan Burp Suite (Java based) Burp Suite Community Documentation...
What is BIMI (Brand Indicators for Message Identification)? How to add a brand logo to your Emails?

With BIMI , a logo file should be displayed in the receiver inbox. When all requirements pass, the email provider will look up a TXT record where the content starts with v=BIMI1. In this record, it...
Dkim Entry
What is DKIM, the Email DomainKeys Identified Mail? (Mail Signatures)

DomainKeys Identified Mail (DKIM) is a method to sign digitally outgoing email, in order to authenticate a person, role, or organization allowing them to claim some responsibility for the message. The...
What is Email Authentication?

By default, the SMTP protocol does not have any authentication mechanism when the email is received. There may be an authentication when you try to send but not when you receive. To prevent spoofing...
Spf Dns Zone
What is the Sender Policy Framework (SPF) in Email?

The Sender Policy Framework (SPF) is a framework that determines if the sender of a email transaction is valid. It's part of the email authentication framework with DKIM where the goal is to: prevent...
Map Of Internet 1973
What is the TXT DNS record? A all-in place to store data

The TXT DNS record is used for multiple purpose and this articles shows you the most common



Share this page:
Follow us:
Task Runner