DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email security protocol that helps protect users from forged emails and email spoofing:

How it works

DMARC builds on the Domain Name System (DNS), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) protocols to verify email senders. DMARC policies tell receiving email servers what to do with messages that don't pass these authentication checks.

What it does

DMARC helps prevent email spoofing, which is when attackers use an organization's domain to impersonate its employees. DMARC can also help protect a brand's reputation by blocking spoofed messages.

How to set it up

DMARC is set up by administrators after SPF and DKIM are set up. DMARC records are published as text (TXT) resource records (RR) in the sending organization's DNS database.

How to use it

DMARC policies can specify what to do with messages that fail authentication, such as moving them to the recipient's spam folder. It's recommended to start by quarantining a small percentage of emails that fail DMARC and increase over time.