What is DMARC and how do I configure it?
Definition
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email security protocol that relies on SPF and DKIM to protect a domain against spoofing and phishing attacks.
It allows domain owners to:
Define a policy on how unauthenticated emails should be handled (should they be accepted? quarantined? rejected?).
Receive reports on attempts to fraudulently use their domain.
Specifically, DMARC checks if each received email passes these three different filters:
SPF (the sender's IP address is authorized by the domain). Read 👉 What is SPF and how do I configure it?
DKIM (the cryptographic signature of the message is valid)
Alignment (the domains used in SPF/DKIM match the one displayed in the sender's address)
If the email fails these checks, the receiving server applies the DMARC policy defined by the sending domain.
Here is an example of a DMARC policy definition:
_dmarc.yourdomain.com IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]"
v=DMARC1: the DMARC version.
p=reject: the applied policy. Here, "reject" means that emails that do not pass the three filters mentioned above will be rejected, i.e., not received in the mailbox.
rua=mailto:...: the address to receive aggregated reports.
Configuration
Go to External Surface > Results > Configuration and reputation to find your DMARC data.

Then click on View all at the bottom of the page: you will find misconfigured domains, as well as installation guides depending on whether you are using Google or Microsoft.
Additionally, the External Scan uses a cache that takes approximately 6 to 7 days to update; therefore, you may have to wait up to a week for the results to refresh. If everything appears to be in order but the problem persists, please contact us at [email protected]

