What is DMARC and why should companies have it?

DMARC is part of a suite of email security features that work together to give your domain extra layers of protection.

SPF (Sender Policy Framework): Think of SPF like a bouncer at a club who checks the guest list before letting people in. SPF is a protocol that verifies whether an email sender is allowed to send messages on behalf of a specific domain. It works by publishing a list of authorised mail servers in the domain’s DNS records. When an email is received, the recipient’s server checks this list to see if the sending server is authorised. And, like every bouncer says, “If it’s not on the list, it’s not coming in.”

DKIM (DomainKeys Identified Mail): DKIM is like adding a digital signature to your email. When an email is sent, DKIM adds a unique signature generated by the sending server to the message header. When the email is received, the recipient’s server can verify this signature by checking it against a public key published in the sender’s DNS records. If the signature matches, it proves that the email hasn’t been tampered with during transit and that it genuinely came from the domain it claims to be from.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC is like the boss overseeing the bouncer and the VIP list. It builds on SPF and DKIM to provide an extra layer of protection against email spoofing and phishing attacks. With DMARC, domain owners can specify how they want email servers to handle messages that fail SPF or DKIM checks. They can choose to quarantine them, reject them, or even monitor them for potential threats. DMARC also allows domain owners to receive reports on email authentication failures, giving them valuable insights into potential abuse of their domain.
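To make the three checks concrete, the following is an added example (not code from the original article or from Carden IT) of how a receiving server evaluates them. It parses a constructed SPF record to see whether the connecting IP is on the published list, parses a constructed DMARC record, tests whether the SPF or DKIM authenticated domain is aligned with the visible From: domain, and returns the disposition the domain owner asked for (none, quarantine or reject). Assumptions: the SPF checker handles only ip4/ip6/all mechanisms so it runs offline (include/a/mx need DNS), the DKIM result is taken as an input because signature verification is outside the scope of this article, and the organizational-domain helper is a toy that keeps the last two labels rather than consulting the Public Suffix List. All domains, IPs and records are constructed sample values.

```python
import ipaddress

# ---------- SPF: is the connecting IP on the domain's published list? ----------

def parse_spf(record: str) -> list[str]:
    """Split a 'v=spf1 ...' TXT record into its mechanism terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return terms[1:]

def check_spf(sender_ip: str, record: str) -> str:
    """Return 'pass', 'fail', 'softfail' or 'neutral' for sender_ip against record.
    Only ip4/ip6/all are evaluated; include/a/mx need DNS and are skipped (assumption)."""
    ip = ipaddress.ip_address(sender_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in parse_spf(record):
        qualifier = "+"                      # RFC 7208 default qualifier is '+'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                # 'in' is False when the address family does not match the network
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                matched = False              # malformed argument never matches
        else:
            continue                         # DNS-based mechanism: not handled offline
        if matched:
            return results[qualifier]
    return "neutral"                         # no 'all' term: default result

# ---------- DMARC: alignment with the From: domain, then the owner's policy ----------

def parse_dmarc(record: str) -> dict[str, str]:
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a tag dict with RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain: str) -> str:
    """Toy organizational domain: last two labels. Real evaluators use the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record: str, from_domain: str,
                      spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str) -> str:
    """Return 'pass' if an aligned SPF or DKIM pass exists, else the requested policy
    ('none', 'quarantine' or 'reject'; 'sp' applies to subdomains when present)."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    policy = tags["p"]
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]
    return policy

# Constructed sample records for a hypothetical example.com
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                "rua=mailto:dmarc-reports@example.com")

if __name__ == "__main__":
    spf = check_spf("198.51.100.7", SPF_RECORD)          # IP not on the list -> 'fail'
    print("SPF:", spf)
    # DKIM signed by a subdomain while adkim=s demands an exact match: not aligned
    print("DMARC:", dmarc_disposition(DMARC_RECORD, "example.com",
                                      spf, "example.com", "pass", "mail.example.com"))
```

Two points worth noticing from the example: an SPF "pass" on its own is not enough for DMARC, the authenticated domain must also line up with the From: domain the recipient actually sees; and the disposition returned on failure is only the domain owner's request, the receiving server decides what it does with it.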

Why Companies Should Have DMARC:

  1. Prevents Email Spoofing: DMARC helps prevent cybercriminals from spoofing a company’s email addresses to trick recipients into revealing sensitive information or downloading malware. By enforcing strict authentication policies, companies can ensure that only legitimate emails are sent from their domains.
  2. Protects Brand Reputation: Email spoofing can damage a company’s reputation and erode customer trust. With DMARC in place, companies can demonstrate a commitment to email security and protect their brand reputation by reducing the risk of phishing attacks and fraudulent emails.
  3. Compliance Requirements: Many industries have regulations and compliance requirements related to email security. Implementing DMARC can help companies meet these requirements and avoid potential penalties for data breaches or non-compliance.
  4. Industry Trends: Major email providers like Google are increasingly adopting DMARC authentication and starting to reject emails that fail DMARC checks. As more companies follow suit, emails without DMARC authentication may be more likely to be flagged as spam or rejected, potentially leading to delivery issues and communication problems.

In summary, implementing DMARC, along with SPF and DKIM, is essential for companies to protect their email domains from spoofing and phishing attacks, safeguard their brand reputation, comply with industry regulations, and ensure reliable email delivery in an evolving email security landscape.


Author: Dave King

Dave King is the Co-Founder and Director of Carden IT Services and the wider Carden IT Group. Dave has over 18 years’ experience in business IT networks with a focus on IT consultation and disaster recovery planning/testing.