- Category: December 2014 - Email Marketing
Domain-based Message Authentication, Reporting and Conformance, for short DMARC, is a method of email authentication and a way to mitigate email abuse. Developed on two existing mechanisms, the well-known Sender Policy Framework (SPF) as well as DomainKeys Identified Mail (DKIM), it coordinates their results on the alignment of the domain in the From: header field, which is often visible to end users.
DMARC is designed to fit into an organization's existing inbound email authentication process. The way it works is to help email receivers determine if the purported message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the "non-aligned" messages. What should be emphasized here is that DMARC doesn't directly address whether or not an email is spam or otherwise fraudulent, instead it requires that a message not only pass DKIM or SPF validation, but that it also pass alignment. For SPF, the message must PASS the SPF check, and the domain in the From: header must match the domain used to validate SPF. For DKIM, the message must be validly signed and the d= domain of the valid signature must align with the domain in the From: header. In both cases it must exactly match for strict alignment, or must be a sub-domain for relaxed alignment. Under DMARC a message can fail even if it passes SPF or DKIM, but fails alignment.
Quite obviously, DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages and at the same time provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
DMARC policies are published in the public Domain Name System (DNS) as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives.
The concept behind DMARC is based on practical experience during loose collaborations between some of the founding senders and receivers who agreed on how to interpret mail coming from domains supporting DKIM and SPF. Impressive is that just after one year, in 2013, DMARC was estimated to protect 60% of the world's mailboxes.