What is DMARC and why your business needs to get on board

According to the 2019 Cost of Data Breach Report, from Ponemon Institute and IBM Security, the global average cost of a data breach is $3.92 million!

This cyberattack business is a lucrative one. 

In fact, Business Email Compromise generates higher ROI than any other cyberattack. According to the 2019 Internet Crime Report, it reported losses of over $1.7 billion. 

Cybersecurity measures and protocols are crucial to business continuity now more than ever.

According to the Verizon 2019 Data Breach Investigations Report, 94% of malware was delivered by email.

Enter Domain-based Message Authentication, Reporting, and Conformance (DMARC). 

Yes, it’s quite a mouthful. But the time to protect your business email is now.

What is DMARC? DMARC is a relatively new technology.  It’s a technical validation policy that’s set to help protect email senders and receivers from all email spam.

dmarc illustration| DMARC,DKIM,SPF

DMARC is a solution that builds on both the Sender Policy Framework (SPF) and Domain Key Identified Mail (DKIM) solutions. This technology allows your organisation to publish a specific security policy around your email authentication processes and then instructs your mail server on how to enforce them.


DMARC has three main policy settings: 

  • Monitor policy – p=none. This policy means that no action will be taken in the light of failing the DMARC checks.
  • Quarantine policy – p=quarantine. This policy means that all emails that fail your DMARC check need to be treated as suspicious, this could see some emails landing up on your spam folder.
  • Reject policy – p=reject. This policy is set up to reject all emails that do not pass your DMARC checks.

The ways these policies are set up is entirely up to your organisation and how you want to handle unauthenticated emails.

According to the 2019 Global DMARC Adoption Report, only 20.3% of domains are publishing some level of DMARC policy of that only 6.1% have a reject policy in place.

Why DMARC is important for your business?

At this point, you’re wondering if you really need DMARC if you already have SPF and DKIM.

The short answer is yes.

But there’s more…

As of 2019, there were over 3.9 billion email accounts, and when you consider that 94% of malware attacks occurred through email, it absolutely makes business sense to do your very best to protect your email.

While the corporate uptake of DMARC has been slow, it’s essential to note that digital giants such as Facebook and PayPal have adopted DMARC technology.

  • Reporting. The reporting offered with DMARC allows your organisation greater insights into your email channels. They will help your organisation monitor what emails are being sent and received by your organisation. DMARC reports will give you insights into how your domain is being used and can play a role in developing more robust email communications.
  • Enhanced control. DMARC allows you full control over what emails are being sent from your domain. If email abuse is taking place, you will immediately see it in the report allowing you to correct any authentication issues.

Key Takeaways

We’re living in an era where cyberattacks are every businesses reality.

By not securing your email effectively you are opening your business up to all kinds of vulnerabilities.

Don’t let yours be next.



Take a look at how PowerDMARC can help you secure your business email today.

Simply click the button below to speak to an email security expert today