What is DMARC: Email Security with DMARC, SPF, and DKIM
How Much Security is Enough When It Comes to Cyber-Crime?
According to research by Verizon, email is the delivery channel for 94% of all malware that reaches computers. Phishing ranks first among cyber-attacks, accounting for 80% of all incidents, and aims to install malware on the computer using social engineering tactics. On average, a shocking $17,700 is lost every minute to phishing attacks.
To create a safe environment for both the company and its audience, it is necessary to talk about the most effective protection protocol: DMARC.
What is DMARC?
DMARC stands for “Domain-based Message Authentication, Reporting & Conformance,” and it’s an email authentication, policy, and reporting protocol. In simpler terms, DMARC allows you to prevent unauthorized use of your email domain and protect your email recipients from phishing, spoofing, and other email scams that may use your brand recognition to get read. It is like a door frame detector for your email: it monitors what is coming in and out.
Why is DMARC Important?
Unfortunately, many companies around the world still fail to understand the importance of DMARC policy for the security of their brand and customers. That is one of the reasons why email phishing and spoofing rates are still high.
It is crucial to understand that people involved in cybercrime do not target only the biggest companies in the world, and anyone can fall victim to their scams. So if you think your business is secured without DMARC, read the next paragraph.
What is happening without DMARC:
- Recipients can’t distinguish a legitimate company’s message from a fake one;
- ESPs don’t have enough security to make a correct decision on which email is harmful and which is real;
- Senders stay unaware of the unauthorized activity on the domain they are sending their emails from.
All this mess leads to theft of passwords, bank accounts, credit cards, identities, and more. It also adds up to billions of dollars in losses in total.
To get an in-depth understanding of the DMARC protocol, its implementation, and analysis of the results, download our whitepaper.
How Does DMARC Work?
DMARC works based on two other protocols: SPF and DKIM, so to proceed with DMARC, make sure that those two work correctly. Together the three ingredients create a perfect authentication mix for securing you and your clients.
These are the steps an email undergoes if you run regular DMARC checks:
- The mail server completes the SPF and DKIM alignment.
- If the check is complete with no problems, the server applies DMARC policy and defines what to do with the email.
- After deciding on what to do with the email, DMARC sends a report with the conclusion on actions towards this particular email, as well as all other emails sent from this domain.
Additionally, you may want to use third-party tools like DMARC report analyzers to make the analysis and storing process simpler.
How does DMARC policy decide what to do with every email?
DMARC policy provides three options on what actions to take for an incoming email: none (nothing), quarantine, or reject. These options have to be included in the DMARC record.
Here’s what each of the DMARC policies means:
- none: do nothing with the email; in other words, as if DMARC was not installed. You should use this policy especially in the beginning to collect data about the authentication of an email;
- quarantine: accept the email but treat it very carefully. Quarantined email may be considered suspicious or marked as spam. In any case, it will not get to the recipient’s inbox;
- reject: email gets rejected with no questions asked.
What is a DMARC Record?
A DMARC record is the implementation of the DMARC policy. The beauty of DMARC is the simplicity of deployment. All that needs to be done is to add a TXT record with all your settings to the DNS records, and you are ready to run a DMARC check.
Now you have deployed DMARC: you created the policy settings and installed the TXT record in the DNS. Next, you begin receiving reports.
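The record and policy handling described above, as an added example (not code from this page or from any DMARC product): it parses a DMARC TXT record and returns the action the policy requests for one message. The domain example.com, the report address and the function names are assumptions, and the record is a constructed sample.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample record; example.com and the mailbox are placeholders.
SAMPLE = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"


def parse_dmarc_record(txt):
    """Split a DMARC TXT record into a tag -> value dict and validate it."""
    tags, order = {}, []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        name = name.strip().lower()
        tags[name] = value.strip()
        order.append(name)
    # The version tag has to come first and be exactly DMARC1.
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    # This example is strict: a record without a known policy is refused.
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or unknown policy: {policy!r}")
    tags["p"] = policy
    return tags


def disposition(record, spf_aligned_pass, dkim_aligned_pass):
    """Return the action requested for one message: deliver/quarantine/reject."""
    # DMARC passes when at least one of SPF or DKIM passes and aligns
    # with the domain in the From: header.
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"
    # p=none asks for no special handling, so a failing message is still delivered.
    return {"none": "deliver", "quarantine": "quarantine",
            "reject": "reject"}[record["p"]]


if __name__ == "__main__":
    rec = parse_dmarc_record(SAMPLE)
    print(rec["p"], disposition(rec, False, False), disposition(rec, False, True))
```
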
What is a DMARC Report?
DMARC reports provide you with important information: unauthorized use of your domain, email authentication, potential email threats, etc. There are two types of reports: aggregate and forensic. Let’s look at each of them to understand how to get the best out of the information at your disposal.
- Aggregate reports
Aggregate reports are XML files that contain information on all emails, regardless of whether they have failed the DMARC authentication or not. They provide statistical data so that you can see the big picture of messages from a particular domain. The downside is that an aggregate report can be very confusing to look at because it was created to be machine-read. That is why it is recommended to use a DMARC report analyzer to process the data.
- Forensic reports
Unlike aggregate reports, forensic reports are more specific: they show messages that failed the DMARC authentication. They also provide details about subject lines, URLs included in the messages, and failed SPF and DKIM authentication.
What are the Benefits of DMARC?
If you haven’t deployed DMARC yet, now is a great time to start. Here is a quick list of five benefits you can get from having this email protocol in place:
Benefit #1: Domain Visibility
DMARC provides you with information about how your domain is being used across the Internet. The DMARC reporting mechanism enables you to receive reports about email messages that are being sent on behalf of your domain from all across the Internet. These reports will reveal great insights, such as:
- Who is sending from your domains (both legitimate and illegitimate sources)
- How many emails are sent by each source
- What percentage of messages sent by legitimate sources are being properly authenticated
- Which sources are sending unauthenticated emails
- Which authentication method (SPF, DKIM, DMARC) is broken
These reports give you a complete overview of how your email domains are used and how you can better improve your email communications.
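The aggregate reports and the per-source insights listed above, as an added example (not code from this page or from any report analyzer): it reads an aggregate report and tallies volume and authentication results per sending IP. The XML is a constructed sample in the RFC 7489 layout, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout, trimmed to the
# fields used here. IPs are documentation addresses; example.com is a placeholder.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.10</source_ip><count>5</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>3</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""


def summarize(report_xml):
    """Per source IP: total messages, DMARC passes, and SPF/DKIM failures."""
    # Reports come from third parties: refuse DTDs and entity declarations
    # before parsing (a hardened parser is the better choice in production).
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("DTD or entity declaration in report")
    stats = defaultdict(lambda: {"total": 0, "dmarc_pass": 0,
                                 "spf_fail": 0, "dkim_fail": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        count = int(row.findtext("count", "0"))
        spf = row.findtext("policy_evaluated/spf")
        dkim = row.findtext("policy_evaluated/dkim")
        entry = stats[row.findtext("source_ip", "unknown")]
        entry["total"] += count
        # policy_evaluated holds the aligned results; one pass is enough.
        if spf == "pass" or dkim == "pass":
            entry["dmarc_pass"] += count
        entry["spf_fail"] += count if spf != "pass" else 0
        entry["dkim_fail"] += count if dkim != "pass" else 0
    return dict(stats)


def unauthenticated_sources(stats):
    """Sources with no DMARC-passing mail at all, largest volume first."""
    bad = [(ip, s["total"]) for ip, s in stats.items() if s["dmarc_pass"] == 0]
    return sorted(bad, key=lambda item: -item[1])


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(summary)
    print(unauthenticated_sources(summary))
```
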
Benefit #2: Control
DMARC allows you full control over emails sent from your domains. If anyone starts abusing your domain, you will instantly see it in the DMARC report. If any of your legitimate sources start sending unauthenticated emails, DMARC reports will show it so you can correct the authentication issues.
The report includes the volume of emails sent from your domains. So if you notice an unusual increase in sending volume, you can check if it was sent from a legitimate source or if it’s from a spoofing attack.
Benefit #3: Security
Since the beginning, email users have had to deal with spam, phishing, and spoofed messages. Organizations had very little control over their domains to prevent domain impersonation.
DMARC solves this problem. Through a DMARC policy, you can instruct receiving email systems what to do with a message that says it’s coming from your domain but is not properly authenticated. You can tell mailbox providers to reject any message sent from your domain that didn’t pass a DMARC check. This way, you protect your domain from being spoofed and protect your email recipients from spammers and scammers that pretend to be you.
Benefit #4: Brand Recognition
DMARC enables access to the BIMI (or Brand Indicators for Message Identification) standard. It is a new email standard that is being adopted and supported by more and more email providers. Currently, only Yahoo and Gmail support BIMI.
BIMI provides email senders yet another way to stand out in their recipient’s Inbox by displaying their logo next to the message. This option gives your email instant brand recognition and credibility. You can deploy BIMI if you have strong email authentication and apply the “p=quarantine” or “p=reject” DMARC policy to unauthenticated messages.
Benefit #5: Deliverability
DMARC reinforces SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). If the message is DMARC aligned, it is always prioritized with regard to email placement. Email receiving systems have more trust in email messages that have strong authentication in place. So does DMARC improve deliverability? Even though it’s not the primary goal, in many cases it does.
Moreover, if you implement DMARC enforcement with BIMI, you will have better chances at deliverability than other senders who do not have it. Your recipients will then be able to trust that the message is from you and be more willing to open and respond to the email. It will be a good signal to the mailbox provider that your messages are wanted and deserve a place in the Inbox.
The good news is that the worldwide statistics (according to dmarc.org) show that the number of DMARC policies in 2019 increased by about 300%.
Both SPF and DKIM protocols have their weak sides, and DMARC gathers results of their authentications to provide the best level of safety you can get nowadays.
Benefit from DMARC with DMARC Report Analyzer
Knowing the benefits of DMARC, how exactly can you take advantage of them? When you run a DMARC check, reports are sent as XML files, and email senders may have difficulty deciphering and comprehending the data. That is why it is strongly recommended to use third-party tools, DMARC report analyzers, specially created to receive, process, analyze and store your reports.
The GlockApps DMARC Analytics tool runs your DMARC checks, receives reports, and presents the data in a user-friendly format. Quickly see your authorized and unauthorized mail streams and the sources sending DMARC compliant and non-compliant emails.
You can activate the DMARC Analytics trial in your account and start receiving DMARC data today.