What is DMARC? Understanding DMARC Records

Domain-based Message Authentication, Reporting & Conformance, or DMARC for short, is a protocol that uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify the authenticity of emails.

DMARC records help ISPs (Internet Service Providers) prevent malicious emails from reaching recipients and reduce the possibility of domain spoofing or phishing attacks.

DMARC records allow email senders to specify how mail servers should handle incoming emails which were not authenticated using SPF or DKIM. Senders can choose to have such emails either sent to the recipient's junk folder or blocked completely before they reach a mailbox. This enables ISPs to better identify spammers and prevent malicious email from reaching consumers' mailboxes, whilst minimizing false positives and providing better authentication reporting for greater transparency.

It is worth noting that currently not all mail servers will perform a DMARC check when receiving email messages. However, all major ISPs do perform this check, and DMARC implementation is steadily growing among large and small organisations.

DMARC Authentication Explained

What does a DMARC record look like?

Here is an example of a DMARC record; this is AOIT's DMARC record:

v=DMARC1;p=quarantine;rua=mailto:[email protected];ruf=mailto:[email protected];rf=afrf;pct=100

Breaking this down section by section:

v=DMARC1

Version – When the receiving server scans the DNS records of the domain it has just received an email message from, it checks your TXT records for any that begin with v=DMARC1. If none is found, no DMARC check is performed.

p=quarantine

Policy – This dictates what the receiving server should do with any emails which haven’t passed SPF or DKIM but still claim they are from your domain. We set our policy to quarantine. There are 3 different policies which can be set:

  1. p=none – The receiving server won’t perform any actions against the email message but will still report it to the RUA mailbox specified for the domain.
  2. p=quarantine – The receiving server will deliver but quarantine the mail, typically sending it directly to the user’s spam/junk folder.
  3. p=reject – The receiving server will reject all mail which cannot be verified as 100% authentic from your domain.

rua=mailto:[email protected]

This tells the receiving server where to send aggregate reports of DMARC failures. Aggregate reports are sent once a day and include high-level information about DMARC failures but don’t provide granular details of each instance.

This can be any email address of your choosing and doesn’t have to be part of the same domain.

ruf=mailto:[email protected]

This tells the receiving server where to send forensic reports of DMARC failures. Forensic reports are sent when an incident occurs and contain specific details of the failure.

This email address must be on the same domain as the one on which the DMARC record is published.

rf=afrf

Reporting Format – This defines the type of reporting which should be sent to the domain administrator. Currently afrf is the only option and means Aggregate Failure Reporting Format.

pct=100

Percent – This tells the receiving server how much of the mail should be subjected to the DMARC specifications. This can be any number between 1 and 100.
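
As an added example (not AOIT's code and not part of the original article), this Python script parses a DMARC record into the tags described above and flags settings that leave a domain unenforced or unmonitored. The function names are hypothetical, and the sample records and example.com addresses are constructed.

```python
# Added example: audit the DMARC tags this article describes (v, p, rua, ruf, pct).
# All records and addresses below are constructed samples.

POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Split 'tag=value;tag=value' into a dict, preserving tag order."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return a list of findings; an empty list means nothing was flagged."""
    tags = parse_dmarc(record)
    # The record must begin with v=DMARC1 or receivers skip the DMARC check.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ["record does not begin with v=DMARC1: no DMARC check is run"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append(f"invalid or missing policy p={policy!r}")
    elif policy == "none":
        findings.append("p=none: failing mail is reported but still delivered")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent (RFC 7489)
    if not pct.isdecimal() or int(pct) > 100:
        findings.append(f"pct={pct!r} is not a valid percentage")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports will be received")
    for tag in ("rua", "ruf"):
        for uri in filter(None, map(str.strip, tags.get(tag, "").split(","))):
            if not uri.lower().startswith("mailto:"):
                findings.append(f"{tag} destination {uri!r} is not a mailto: URI")
    return findings


SAMPLES = [
    "v=DMARC1;p=quarantine;rua=mailto:dmarc@example.com;pct=100",
    "v=DMARC1; p=none; pct=25",
    "p=reject;rua=mailto:dmarc@example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_dmarc(sample) or "OK")
```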
