What You Need To Know About DMARC Records

Understanding the importance of email security is essential for businesses of all sizes. An important part of developing a secure email system is the DMARC record. DMARC records are used to help protect a company’s domain from malicious actors who may be attempting to send malicious emails on their behalf. 

In this blog post, we will look at everything you need to know about DMARC records and how to use them to improve your email security. We will cover the purpose of a DMARC record, the different types of DMARC records, and how to create and manage one. For more information on DMARC records, visit dmarcreport.com.
‍

What is a DMARC record?

A DMARC record is a text record created in the DNS on your domain, under the dmarc.yourdomain.com domain, where yourdomain.com is your actual domain or subdomain. It informs the email server how to treat emails that do not follow DMARC authentication, and where to send notifications on information detailing authentication statistics.
‍
A DMARC record may consist of a list of DMARC DNS names. Each tag could be a key value pair separated by . A sample of a list of DMARC tags is shown below:
‍

• v: DMARC protocol version. The default is "DMARC1";
  ‍
• p: Apply this policy to emails that fail the DMARC check. This policy can be set to 'none', 'quarantine', or 'reject'. 'none' is used to collect DMARC reports and gain insight into the current email flows and their status;
  ‍
• rua: A list of URIs for email service providers to send aggregate reports to. NOTE: this is not a list of email addresses.
  ‍

• ruf: A list of URIs for ISPs to send forensic reports to. NOTE: this is not a list of email addresses. 
  ‍
• sp: This policy should be applied to email from a subdomain of this domain that fails the DMARC check. Using this tag domain owners can publish a 'wildcard' policy for all subdomains;
  ‍
• fo: Forensic options. Allowed values: '0' to generate reports if both DKIM and SPF fail, '1' to generate reports if either DKIM or SPF fails to produce a DMARC pass result, 'd' to generate report if DKIM has failed or 's' if SPF failed;
  ‍

• rf: The reporting format for forensic reports
  ‍

How Is A DMARC Record Used?

A DMARC (Domain-based Message Authentication, Reporting & Conformance) record is used to protect email domains from unauthorized use (spoofing) and to provide a reporting mechanism for email authentication failures. DMARC works by combining the results of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication to determine whether incoming messages are legitimate.

DMARC enables domain owners to specify what action (e.g., quarantine, reject) should be taken when incoming messages fail SPF or DKIM checks and/or do not align with the From header field. DMARC reports are sent by participating mail servers to the domain owners to provide insights into the use of their domains in email communication.
‍

How Does It Work?

DMARC works by allowing the owner of a domain to publish a policy in their domain's DNS records that specifies what action email receivers should take when they receive messages claiming to come from that domain that fail SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) authentication checks.

When an email is received, the recipient mail server checks the DMARC record for the domain specified in the "From" header of the email. Based on the policy defined in the DMARC record, the recipient mail server can then decide to accept, reject, or quarantine the message.
‍

In conclusion, DMARC records provide a powerful way to improve email security, reduce spam and phishing, and protect your domain from misuse. It is important to understand what DMARC is, how it works and how it can be used to protect your domain from malicious actors. With the right setup, you can reduce the amount of malicious emails received by your domain and make sure that only legitimate emails are sent.
‍