Secure your sending emails with DMARC!

What is DMARC?

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol created to fight against spam, spoofing, and phishing. Basically, this email validation system was created to protect your domain from all kinds of cybercrimes.

The email security protocol, DMARC, was created by PayPal with help from Google, Microsoft, and Yahoo! back in 2012.

DMARC tells receiving mail servers what they should do when they get mail that seems to come from your organization but doesn't pass the authentication requirements in your DMARC policy record.

It’s kind of a personal security guard for your domain. Pretty awesome, isn’t it?

It uses and monitors two other email authentication methods for all the emails sent with this domain:

  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)

If the authentication (SPF/DKIM) fails, then the security policy set in the DMARC record will be applied.

What are the benefits of DMARC?

There are a few key reasons that you would implement DMARC if you use email in your company.

  • Reputation and Identification

    Publishing a DMARC record protects your company by preventing unauthenticated senders from sending mail from your company domain. It also makes your email easily identifiable in any mailbox.

  • Visibility

    Using DMARC increases your visibility by letting you know who is sending email from your domain across the internet.

  • Security

    DMARC helps the email ecosystem by disallowing unauthorized use of your email domain and protecting all from fraud, phishing and spam.

How to monitor a domain with DMARC?

Thanks to DMARC, we can monitor all emails sent from a given domain. 

For example, if we track our mailsoar.com sending domain, we will see that our main sending sources are our corporate emails (G Suite), but also Google Calendar invitations.

The easiest and most efficient way to monitor these sources is to use a monitoring tool. At MailSoar, we use two, depending on our clients: 

  • GlockApps 
  • SendForensics

With these tools, you can therefore monitor all your sources, and see if they are correctly authenticated.

It is very easy to set up these tools. For example, with GlockApps, you just have to click on “DMARC analytics”, then on “Add a domain”, and enter the domain you want to monitor. It will give you a DMARC record (TXT) to add to the DNS of your domain.

Here is an example of a DMARC record:

    v=DMARC1; p=none; rua=mailto:test@ar.glockapps.com; ruf=mailto:test@fr.glockapps.com; fo=1;

  • v=DMARC1: Protocol version
  • p=none: Policy
  • rua=mailto:test@ar.glockapps.com: Recipients of aggregated failure reports
  • ruf=mailto:test@fr.glockapps.com: Recipients of detailed failure reports
  • fo=1: Conditions for sending a detailed report

The policies available

The DMARC specification provides 3 choices for domain owners to use to specify their preferred treatment of mail that fails DMARC validation checks. These “p= policies” are:

  • p=none. Nothing will happen if a source is not correctly authenticated. It will just allow you to monitor the sending sources.
  • p=quarantine. If the SPF / DKIM authentication is not correct, then the receiving server will place your email in the spam folder.
  • p=reject. If the SPF / DKIM authentication is not correct, then the receiving server will reject your email.

How to choose a DMARC policy?

  • For the first month

    Our best advice is to configure DMARC with a p=none policy. This will allow you to look at all the sending sources, monitor their authentication, and make the necessary modifications for the sources that are not correctly authenticated.

  • Over the next 2 months

    You can set the policy to p=quarantine to ensure that there is no problem with deliverability.

  • After 2 weeks

    After this time, if all the sending goes well, change the policy to p=reject. With this, all emails that are not properly authenticated will be rejected by the receiving server, and your sending domain will be protected from spam and phishing attacks.

  • Then

    When everything is in place: deploy BIMI!

How MailSoar can help you with your DMARC deployment?

DMARC is an important evolution of your email authentication. It is not just another DNS record to add for your company; it is one of the best ways to secure your email.

Mailsoar can help you make your emails as secure as possible with:

  • Audit of your email infrastructure to review the key areas potentially causing you trouble
  • Implementation of monitoring solutions, especially for DMARC
  • Implementation of the immediate recommendations to improve your KPIs as quickly as possible
  • BIMI deployment 

 

Contact us now and we will help you set up your DMARC policy to be sure that no one is using your domain without your agreement.
