
DMARC for Dummies


I’m sure you’ve heard about DMARC, but do you know what it is? This DMARC for Dummies guide is for everyone (technical and non-technical) and will take you through the basics of DMARC in simple English.

A lot of people on the internet are curious about information security and email authentication but find the protocols hard to understand and implement. We are assembled here today to make everyone aware of how easy it is to configure DMARC and to debunk some common myths surrounding it.

DMARC explained in plain English

What is DMARC? If we expand the acronym, DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s an email security policy that allows email senders to specify how their email should be handled when it arrives at a receiving server.

For example, if you’re using a marketing automation platform, you can set up a rule that says: “If the email comes from Gmail, then accept it.” And then you can set up another rule that says: “If the email comes from Hotmail, then reject it.” This way, if someone gets a reply from Hotmail but not Gmail, they’ll know that their message wasn’t delivered correctly—and they’ll be able to take steps toward fixing it.

It’s also a way for organizations to protect themselves against phishing attacks by making sure that the emails they receive are legitimate.

How does it work?

 If the email is fake, DMARC will let you know.

Here’s how it works: A sender domain (like company.com ) publishes a DNS record with their domain registrar that says what they want their policy to be: what types of emails they will accept and reject, and where those emails should be sent if they’re rejected. Then when someone sends an email on behalf of your company using DMARC, the receiving server checks if there’s a valid policy in place before accepting it. If there isn’t, then the receiving server can either reject or quarantine the message until it gets verified by someone at your company who knows what’s up—or destroyed altogether!

Why should I care about this?

If you’re a business that uses email marketing, you need to know how to implement DMARC correctly. It helps prevent spoofing and phishing, which means that it can protect your customers from getting scammed. It also upholds and maintains your brand’s reputation by ensuring all emails it sends out are legitimate, so people know that they can trust you.

To summarize, 

  • It prevents emails from spoofers, who send out emails pretending to be from your domain
  • It helps protect your brand from phishing attacks by preventing email impersonation
  • It gives you more control over how legitimate emails are delivered to recipients

DMARC for Dummies Guide for Businesses

DMARC Essentials and Preconditions 

At a high level, there are three things you need to do to implement DMARC:

  1. Create a DNS record that points to your email server’s SPF record
  2. Create a DNS record that points to your email server’s DKIM key record
  3. Set up SPF and DKIM on your email server

Note: It is not mandatory to implement both SPF and DKIM to configure DMARC. You can implement either of the two; however, both are recommended for enhanced security. If your domain is hosted by an email provider like Office 365 or Google Apps, they may already have one of the required SPF records in place for you—you can check with them if this is the case. You’ll also need to find out what their DKIM key is so that you can add it to your DNS settings.

When you’re ready to implement DMARC, you’ll need to make sure you have the right tools and infrastructure in place.

To get started, you’ll need:

  1. A domain name registrar (like GoDaddy)
  2. A DNS provider (like AWS Route 53)
  3. A mail server that supports SPF and DKIM (like Amazon SES)

Setup and Policy Modes 


To establish email authentication with DMARC at your organization, you need to have a policy record in place on your DNS after you have taken care of the prerequisites mentioned above. 

Given below is an example of one such record: 

Name: _dmarc

Value: v=DMARC1; pct=100; p=none; rua=mailto:[email protected]; 

Each of the tags is significant and points to specific instructions for servers. Let’s break down the few mentioned here: the “v” tag points to the protocol version in use, pct refers to the percentage of emails authenticated (100% in this case), p is the DMARC failure mode or policy at play and the rua tag is the email address to which aggregate reports are to be sent by reporting domains. 

You can create a record specific to your domain, manually, if you’re familiar with the syntax. Else, you can use a free online DMARC record generator tool to assist you in the process. 

While creating your record you MUST mention a policy mode (under the “p=” tag). There are 3 DMARC policies to choose from: 

  • None: You instruct your receivers to accept every email originating from your domain whether they fail or pass domain alignment. Best for novices who are just starting with email authentication. 
  • Quarantine: You instruct your receivers to quarantine emails failing domain alignment so that they can be reviewed later. 
  • Reject: You instruct your receivers to reject every email that fails alignment. If you want protection against spoofing and phishing attacks, this is the policy you should go for. 

Monitoring and Reporting on email delivery failures 

Reporting in DMARC is a feature that allows you to track your email’s authentication status and delivery failures. It is an excellent feature that enables detailed DMARC analysis by extracting email header information. It can also help you identify where your emails are being forwarded and what kind of responses you’re getting from the recipient.

Shown below is a part of a DMARC report to give you an idea about what it may look like.  


As you scroll further down your report, you should be able to see your SPF and DKIM authentication results listed chronologically: 


Each report is sent in the form of an XML file, which means you need to have a fair understanding of extensible markup language to read the data. You may choose to avoid this hassle by utilizing a DMARC report analyzer that automatically parses reports for you to make them human-readable. 

To enable reporting, you need to add the “rua” tag to your record, specifying an email address you want to receive these reports on. Make sure the email address falls within the scope of your own domain and is specifically created for this purpose to avoid cluttering data. 

Industry Support and Spoof Protection 

ESPs that support DMARC include industry giants like Google, Microsoft, Amazon, MailChimp, and more! Industry leaders and experts endorse email authentication as a proven method for reducing direct-domain spoofing and email phishing attacks. This however can only be achieved through an enforced policy. 

It is also important to note that DMARC is NOT a replacement for your antivirus or firewall solutions. It is merely an added layer of security that can better protect your organization against email fraud attacks. For well-rounded protection, pairing up DMARC with your favorite antivirus software or firewall extension is a must!


Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
June 21, 2022/by Ahona Rudra