DMARC Domain-based Message Authentication, Reporting and Conformance (DMARC) is a technical specification designed to reduce email abuse (spam, phishing) by providing a solution for deploying and monitoring email authentication issues.
How does DMARC work?
DMARC standardise the way recipients carry out email authentication via mechanisms such as Sun protection factor (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). This means the sender will receive the results of message authentications by AOL, Gmail, Microsoft, Yahoo! or any other recipient implementing it DMARC.
DMARC enables the sender to indicate that their messages are protected by SPF and/or DKIM, and tells recipients what to do if authentication fails.
Politics DMARC of a domain is published in a TXT record of the public DNS (Domain Name System) and describes what the recipient of the email should do if it does not satisfy the authentication mechanisms.
DMARC policy syntax
v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@example.org;ruf=mailto:forensik@example.org;adkim=s;aspf=r
| Setting | Description |
| v | Protocol version |
| Per cent | Percentage of messages to filter |
| Rough | Recipient of the forensic report |
| street | Recipient of aggregated report |
| p | Procedure with the main domain |
| sp | Procedure with the subdomain |
| adkim | Rule for DKIM (relaxed / strict) |
| ASPF | SPF rule for (relaxed / strict) |
Impact of DMARC on my sender address
It is very important to use a sender address with a domain that you own in order to best manage authentication issues. Otherwise, your emails will be subject to the third-party domain's DMARC policy and your emails could be rejected.
Example with Yahoo!'s DMARC policy
v=DMARC1;p=reject;pct=100;rua=mailto:dmarc_y_rua@yahoo.com;
If you wish to use your «yahoo.fr» address to send your emails, given that your router will not be Yahoo!, authentications will fail. Yahoo!«s policy states that all emails not validating DMARC (»p=reject") must be rejected, therefore your emails will not be delivered.
Here are some examples of DMARC policy
AOL
v=DMARC1; p=reject; pct=100; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;
Gmail
v=DMARC1; p=none; rua=mailto:mailauth-reports@google.com hotmail.com
Microsoft
v=DMARC1; p=none; pct=100; rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com; fo=1
Yahoo!
v=DMARC1;p=reject;pct=100;rua=mailto:dmarc_y_rua@yahoo.com;
Yahoo! and AOL are already configured to reject emails sent in their name without authorisation. Gmail also plans to do the same in the future.
Find more information on the Official DMARC Website
The article doesn't answer all your questions? Feel free to Contact us for more information.
