If you’ve spent any time in the email space (or software more generally) you will know that there are a raft of strange and cryptic acronyms that come with the territory. They can be misleading, confusing and daunting, particularly for newcomers who just want to set up their SMTP relay and never give it another thought.
We get it: they can put anyone off! But there is hope (and help). Here we answer some questions about DMARC and clear the air. Mystery begone!
Okay, deep breath, the next few sentences might make your head spin.
DMARC stands for Domain-based Message Authentication, Reporting & Conformance.
It is a fancy name for a simple protocol. These are the nuts and bolts of it:
- It is an email security measure that protects your domain name and mailboxes from hackers. In other words, it is an email authentication protocol that is used to help fight cyberattacks and other gnarly incidents.
- It helps protect your domain name (and therefore your business’s) reputation!
- It helps protect against the common, and dodgy, practice of ‘spoofing’ whereby a bad actor sends an email with a “from” address that appears identical to a legitimate domain.
How Does it Help?
Setting up a DMARC policy allows you as an individual or business to more effectively prevent malicious emails.
On a larger scale, DMARC is used by internet service providers (ISPs) to protect their customers’ inboxes.
How Does it Work?
DMARC essentially combines two common authentication protocols – Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to help an incoming mail server determine whether an email is legit or not.
DMARC ultimately enables you to decide what to do with incoming emails, allowing you to decide how strict you want your protocols to be. DMARC allows you as the recipient to decide if you want to accept emails, place them in junk, or block them from your servers altogether. You can set these policies based on the SPF/DKIM of the incoming mail.
Where Can I find my DMARC Record?
Don’t worry – you won’t have to do too much digging to find out the DMARC policy of your domain, or the details of the record managed by your ISP provider!
It can be found alongside your Domain Name System (DNS) records, which also include:
- A record
You as a business can contact your DNS server administrator and ensure they have added your DMARC record. You can specify how strict or ‘lax’ you want your protocol to be.
Who Uses DMARC?
Not all companies or individuals use DMARC but virtually all ISP providers do in order to keep their users safe. Implementing strict, unambiguous policies for incoming mail is becoming the gold standard in the email industry.
What Are the Benefits?
- It helps protect your brand by preventing bad actors from sending mail from your domain, via spoofing.
- Simply publishing a DMARC record can improve your reputation.
- It allows you to gain more information on who is trying to send emails from your domain, equipping you with further knowledge and the pre-emptive tools to prevent future spoofing attempts.
- In a more ‘meta’ sense, the more domains and email users who use DMARC in the world wide web community, the better able we all are to set consistent policies for dealing with sketchy senders.
- DMARC also allows you to send Brand Indicators for Message Identification (BIMI) messages that contain your brand logo when they arrive in your recipient’s mailboxes. BIMI is great for marketers and businesses who want to grow brand awareness and recognition and add some personality to the email game. DMARC makes this all possible.
Show me a DMARC record – I’m intrigued!
You can check Valimail to view the DMARC record of any domain that has one publicly published.
You can also check yourself in your terminal. Type < dig txt _dmarc.smtp2go.net >
If your domain doesn’t contain a text record beginning with “v=DMARC1,” the recipient mail server won’t run a DMARC check. If you don’t have this in your text record it means you don’t have a DMARC policy published.
p=none: The most ‘lax’ DMARC policy command
p=quarantine: This command tells the receiver to divert mail that does not conform to all of the requirements to spam or some other designated folder.
p=reject: The strictest command. It only allows mail verified as signed by a given domain to reach the inbox. All other mail gets denied.