What Is DMARC? Secure Emails Without Spoofing

DMARC is a standard email authentication protocol that verifies an email's origin and prevents spoofing. The acronym stands for Domain-based Message Authentication, Reporting, and Conformance.

How DMARC Works

DMARC builds on the DKIM and/or SPF authentication mechanisms to verify the legitimacy of an email's sending domain. Domain owners publish a DMARC record in DNS that states their email authentication practices for receiving email servers to follow.

Once DKIM or SPF (or both) pass for a domain that aligns with the domain in the message's From header, DMARC authenticates the email, allowing an email server to verify the sending domain. If the message does not pass DMARC verification, the email server can assume it is not from the purported domain and reject it or quarantine it in the junk folder, depending on the published DMARC policy.

DMARC Policies

DMARC allows domain owners to specify one of three policies for handling emails that fail authentication:

None (p=none): Monitor mode; emails that fail DMARC are delivered but reported. Useful for initially assessing email authentication posture.

Quarantine (p=quarantine): Emails that fail DMARC are sent to the spam/junk folder.

Reject (p=reject): Emails that fail DMARC are rejected outright and not delivered.
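The check and the three policies described above, as an added example that is not code from this page or from any mail product: a simplified receiver-side evaluation showing that an SPF or DKIM pass only counts when its domain aligns with the From domain. The function names, the tiny public-suffix set, and the sample record are constructed for illustration, and the pct and sp tags are ignored.

```python
# Added example: simplified receiver-side DMARC check (ignores the pct and sp tags).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}  # constructed stand-in for the Public Suffix List
ACTIONS = {"none": "deliver", "quarantine": "junk", "reject": "reject"}  # policy -> handling on failure

def parse_dmarc(txt):
    """Parse a DMARC TXT record into lowercase tags; None if it is not a usable policy record."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    if not txt.strip().startswith("v=DMARC1") or tags.get("p") not in ACTIONS:
        return None
    return tags

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ("s") needs an exact match; relaxed ("r") needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(from_domain, record_txt, spf, dkim_sigs):
    """Return (dmarc_result, handling). spf is (result, MAIL FROM domain);
    dkim_sigs is a list of (result, d= domain) pairs, one per signature."""
    policy = parse_dmarc(record_txt)
    if policy is None:
        return ("none", "deliver")  # no usable DMARC record: nothing to enforce
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(dom, from_domain, policy.get("adkim", "r"))
                  for res, dom in dkim_sigs)
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    return ("fail", ACTIONS[policy["p"]])

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; aspf=s; rua=mailto:dmarc@example.com"  # constructed record
    # SPF passes, but for a different domain than the From header: DMARC still fails.
    print(evaluate("example.com", record, ("pass", "mailer.example.net"), []))
    # SPF is not strictly aligned, but an aligned DKIM signature is enough.
    print(evaluate("example.com", record, ("pass", "bounce.example.com"), [("pass", "example.com")]))
```

A production evaluator would load the full Public Suffix List and take the SPF and DKIM results from the receiving server's own checks.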

Benefits of DMARC

DMARC helps protect domains from business email compromise (BEC) and phishing attacks that use domain spoofing to trick victims. DMARC builds upon DKIM and SPF by adding reporting capabilities and specifying actions for emails that fail authentication.

DMARC also provides domain owners with visibility into who is sending email on behalf of their domain, helping to identify unauthorized senders and potential spoofing attempts.

Limitations

While DMARC is a critical email security control, it does not protect against all email-based attacks. Attackers can bypass DMARC by using lookalike domains, compromised legitimate accounts, or other techniques that do not involve direct domain spoofing. Advanced email security solutions like Pangratis provide additional layers of protection that go beyond DMARC to detect these more sophisticated attacks.
