
What is Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an email authentication protocol that helps protect against email spoofing and phishing.

DMARC builds on two existing email authentication mechanisms: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

DMARC Components

Here’s a brief overview of each component of DMARC:

Domain-based: DMARC operates at the domain level, allowing domain owners to specify how their emails should be authenticated and handled.
Message Authentication: DMARC leverages existing authentication mechanisms, SPF and DKIM, to validate that an email message actually comes from the purported sender and hasn’t been tampered with during transit.
Reporting: DMARC includes a reporting mechanism that enables domain owners to receive reports on email authentication activity. These reports provide insights into how email is being handled for their domain, including information on legitimate and fraudulent email messages.
Conformance: DMARC allows domain owners to specify how receivers (mail servers) should handle emails that fail authentication. This helps prevent fraudulent emails from reaching recipients and allows legitimate emails to be delivered.

DMARC Record Tags

Here’s a brief overview of the DMARC record elements:

| Tag | Description | Example | Requirement |
| --- | --- | --- | --- |
| v= | Protocol version | v=DMARC1 | Mandatory |
| p= | Policy specified | p=none; p=quarantine; p=reject | Mandatory |
| pct= | Percentage of emails filtered by the policy | pct=50 (half of the emails will be subject to the policy specified) | Optional |
| sp= | Subdomain policy | Same as p= | Optional |
| adkim= | Alignment mode for DKIM | adkim=s or adkim=r (s means strict, r means relaxed) | Optional |
| aspf= | Alignment mode for SPF | aspf=s or aspf=r (s means strict, r means relaxed) | Optional |
| rua= | Reporting URI for aggregate data | rua=mailto:user@example.com | Optional |
| ruf= | Reporting URI for forensics data | ruf=mailto:user@example.com | Optional |
| fo= | Failure reporting policy | fo=0, 1, d or s (0 is the default: generate a report if all checks fail; 1: generate a report if any check fails; d: generate a report if DKIM fails; s: generate a report if SPF fails) | Optional |
| rf= | Format of failure reporting | rf=afrf or rf=iodef (default is afrf) | Optional |
| ri= | Reporting interval in seconds | ri=86400 (24 hours) | Optional |

Example DMARC Record

Here’s an example of a DMARC record:

_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:dmarc-forensic@example.com; sp=reject; adkim=s; aspf=s"

Explanation of the elements in the example:

_dmarc.example.com.: This is the DNS subdomain for which the DMARC record is set. It is typically prefixed with an underscore and is specific to the domain for which DMARC is being configured.
IN TXT: Indicates that the record is a text record.
v=DMARC1: Specifies the DMARC version being used. In this case, it’s version 1.
p=reject: Indicates the policy for handling email that fails DMARC authentication. In this example, it is set to “reject,” meaning that emails failing DMARC should be rejected.
rua=mailto:dmarc@example.com: Specifies the URI (email address) where aggregate DMARC reports should be sent. Aggregate reports provide information about the email authentication status for the domain.
ruf=mailto:dmarc-forensic@example.com: Specifies the URI (email address) where forensic DMARC reports should be sent. Forensic reports provide detailed information about individual failed authentication events.
sp=reject: Specifies the policy for subdomains. In this example, it is set to “reject,” meaning that the same DMARC policy applies to subdomains.
adkim=s: Indicates the alignment mode for DKIM (DomainKeys Identified Mail). It is set to “strict” alignment.
aspf=s: Indicates the alignment mode for SPF (Sender Policy Framework). It is set to “strict” alignment.
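
One way to check a record like the one above against the tag table, as an added example that is not part of the original article. The function names are hypothetical, and the defaults for pct, adkim, aspf and ri are taken from RFC 7489 rather than from this page.

```python
import re

# Added example; function names are hypothetical. Allowed values follow the tag table.
ENUMS = {
    "p": {"none", "quarantine", "reject"},
    "sp": {"none", "quarantine", "reject"},
    "adkim": {"s", "r"},
    "aspf": {"s", "r"},
    "rf": {"afrf", "iodef"},
}
# fo and rf defaults are stated on the page; pct, adkim, aspf and ri are from RFC 7489.
DEFAULTS = {"pct": "100", "adkim": "r", "aspf": "r", "fo": "0", "rf": "afrf", "ri": "86400"}


def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def audit_dmarc(txt):
    """Return (effective_tags, findings) for one DMARC record value."""
    pairs = parse_dmarc(txt)
    tags = {**DEFAULTS, **dict(pairs)}
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    if "p" not in tags:
        findings.append("mandatory p= tag is missing")
    for tag, allowed in ENUMS.items():
        if tag in tags and tags[tag].lower() not in allowed:
            findings.append(f"{tag}={tags[tag]} is not one of {sorted(allowed)}")
    if not re.fullmatch(r"\d{1,3}", tags["pct"]) or int(tags["pct"]) > 100:
        findings.append(f"pct={tags['pct']} is not an integer from 0 to 100")
    elif int(tags["pct"]) < 100:
        findings.append(f"policy applies to only {tags['pct']}% of failing mail")
    if tags.get("p", "").lower() == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    tags.setdefault("sp", tags.get("p"))  # subdomains inherit p= when sp= is absent
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")
    return tags, findings
```

Running `audit_dmarc` on the example record from this page returns no findings; a record with `p=none`, a reduced `pct=` or no `rua=` is reported as partial or monitoring-only enforcement.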

Implementing DMARC gives domain owners greater control over their email authentication policies and reduces the likelihood of phishing attacks that rely on impersonating legitimate senders. It provides a framework for email senders to authenticate their messages and for receivers to properly handle emails based on the sender’s authentication status.

Combining DMARC with DKIM and SPF provides a more comprehensive approach to email authentication, helping to enhance the security of email communications.

Updated on December 27, 2023