Today we will explore another really fundamental in the Domain Name System record type – DMARC record. But let’s burst briefly review what exactly DNS records are.
Definition of DNS records
DNS (Domain Name System) records are defined as information entries and instructions that are saved in authoritative DNS servers. They provide DNS data related to a specific domain, and they are important commands for servers to execute many different DNS tasks.
Definition of DMARC record
DMARC means Domain-based Message Authentication, Reporting, and Conformance. It is a DNS record that helps receiving email servers authenticate if incoming messages are legit or not. A DMARC record comprises several key-value pairs that specify the policy for the domain and how to handle emails that don’t pass DMARC evaluation.
Frequently, criminals impersonate organizations to scam their users and even their employees, and partners, through tactics like phishing emails. Email fraud is unfortunately a common threat and a way for you and your business or organization to lose money and sensitive data. DMARC record is a tool to protect email recipients from spam, phishing, and other types of email abuse.
When domain owners or administrators implement a Domain-based Message Authentication, Reporting, and Conformance record, it means they publish it in the DNS and configure it so the addressees (receiving mail servers) can check incoming emails and verify the DMARC, DKIM, and SPF records.
When an email gets sent by a criminal spoofing your domain, the receiving mail server will check if the domain has a Domain-based Message Authentication, Reporting, and Conformance record. The objective is to verify if the sender truly is the domain it claims to be. Different tests take place at this moment through other DNS records also involved in the verification process (DKIM and SPF). DMARC will consider the results of the DKIM and SPF records’ verification tests to instruct which policy to apply to the incoming message.
There are three possibilities:
- Quarantine. If the message fails DMARC record authentication, it will be sent to the spam folder rather than the inbox.
- Reject. If the message fails DMARC record authentication, it will be blocked so it won’t reach the recipient.
- Do nothing. It indicates not to take any sort of action if the message fails DMARC record authentication.
Finally, once it is indicated what to do with the message, the receiving mail server will send a report, called DMARC Aggregate report, about the result of the message and more messages related to the same domain.
Benefits of DMARC record
Simplified email authentication
By adding a Domain-based Message Authentication, Reporting, and Conformance record, you are enabling standard and efficient email authentication for your domain.
Enhanced email security
DMARC record protects email recipients from spam, phishing, and other email abuses. It also prevents criminals from using your domain name to send spam or phishing emails.
Shielded reputation
The use of the Domain-based Message Authentication, Reporting, and Conformance record is a good sign! It helps you (the domain’s owner) to show other email servers that you are taking measures to protect them (and yourself) from spam and phishing attacks.
Conclusion
DMARC record is the ally you need to secure your business domain from spoofing and to protect recipients from email abuses and crime. Make it part of your security team right now!DMARC record: Definition and Benefits