There’s a huge problem with trust in the email system with the rise of spam, malicious messaging and phishing attacks. Companies that fall victim to email compromise are recording large losses. So email security is a must.
This is where DMARC comes in.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. The formal standard was created by PayPal, Google, Microsoft, and Yahoo in 2012 to prevent email abuse. It was primarily adopted by the financial industry to improve email security including the authentication of emails and reduce the threat of cyber-attacks.
Now DMARC has been adopted on a much wider scale. Companies recognise that the protocol can improve email deliverability and instill trust in their brand. It also prevents legitimate emails from being marked as spam.
How It Works
DMARC builds on and links SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) to protect your domains and prevent email spoofing.
Spoofing is a proven way to exploit users’ trust in well-known brands. Criminals mask their identity by sending an email on behalf of a company’s domain. If you receive an email with a company logo on it, would you believe it was genuine? Many of us would, but a logo is easy to insert, so don’t take it as proof. As a result, it is often difficult for both recipients and email providers to tell a fake email from a real one.
The DMARC protocol means that senders and receivers work together to determine whether a message was legitimately sent from the domain it claims, and what to do if it was not.
The Technical Bit…
SPF allows receiving mail servers to verify that email claiming to come from a specific domain is coming from an authorized IP address. DomainKeys Identified Mail (DKIM) adds a signed header to the message, secured with a cryptographic signature. Both techniques refer to a TXT record in the sender domain’s DNS records, which further builds trust between sender and receiver.
DMARC combines the results of both techniques to verify that an email was sent by the owner of the ‘Friendly-From’ domain. DMARC requires a PASS result from either SPF or DKIM, and the passing mechanism must also be aligned with the ‘Friendly-From’ address domain. SPF alignment is a match between the message’s From domain and its Return-Path domain. DKIM alignment is a match between the From domain and the signing domain named in the DKIM signature, whose public key is published in a DNS TXT record. The email is considered compliant when these conditions are met.
DMARC allows you to instruct the recipient server on how to treat a mail that fails the DMARC email security standard.
DMARC Policies
There are three policies to choose from, and a percentage can be applied to the two restrictive policies. (It is worth acknowledging that this instruction can be ignored and a local policy applied if the recipient server has good reason to do so; however, this goes against the collaborative process.)
The three DMARC policies are:
- None: take no action on the DMARC result; the message is delivered as normal and only reported on.
- Quarantine: accept the mail, but do not place it in the recipient’s Inbox.
- Reject: reject the message completely.
The DMARC policy is published in the company domain’s external DNS records. Entered as a TXT record, the record confirms that messages are protected by SPF and DKIM, advises the action to take on failure, and stipulates the email addresses to which reports are sent.
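The following is an added example, not code from IT Naturally or Sendmarc, showing how a receiver applies the alignment rules and the published policy described above: it parses a DMARC TXT record and decides the disposition of a message from its SPF and DKIM results. The organizational-domain match is a deliberate simplification (last two DNS labels, no Public Suffix List), and the `pct` sampling is left out so the result is deterministic.

```python
from typing import Dict, Tuple

def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse 'v=DMARC1; p=...; ...' into a tag dict, filling in DMARC defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}  # relaxed alignment, apply to 100%
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (real receivers use the Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record: str, from_domain: str,
                      spf_pass: bool, return_path_domain: str,
                      dkim_pass: bool, dkim_signing_domain: str) -> Tuple[str, str]:
    """Return (dmarc_result, action): DMARC passes if SPF or DKIM both passed AND is aligned."""
    tags = parse_dmarc_record(record)
    spf_ok = spf_pass and aligned(from_domain, return_path_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_signing_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]  # receiver applies the published policy on failure

if __name__ == "__main__":
    # Constructed record for a hypothetical domain example.com
    rec = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; adkim=s"
    # SPF passes with an aligned Return-Path (relaxed mode): DMARC pass
    print(dmarc_disposition(rec, "example.com", True, "bounce.example.com", False, ""))
    # DKIM passes but a subdomain signed it and adkim=s: not aligned, policy applies
    print(dmarc_disposition(rec, "example.com", False, "other.net", True, "mail.example.com"))
```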
A great additional benefit of DMARC is the ability to report on your sent email, as mail service providers will send reports to the email address stated in the DMARC TXT record. Detailed reports offer information to help identify possible authentication issues and malicious activity for messages from your domain.
DMARC software, such as Sendmarc, can then provide dashboards to summarise the information contained in these reports, which is useful for assessing the overall performance of DMARC, the volume of compliant mail, and the percentage quarantined or rejected.
Here is an example report from Sendmarc:
IT Naturally recommends implementing an email security system like DMARC as soon as you can.
Progressing through the different DMARC policies (none, quarantine and reject) can be a slow process, as companies will need to ensure that none of their legitimate emails are being restricted. This is particularly relevant for businesses that use third parties for mail services.
The DMARC protocol is not yet an open standard by the Internet Engineering Task Force (IETF). We believe it will be. So we would suggest getting a working solution ready and in place before business partners start demanding compliance.
Cybersecurity Awareness Month, October 2021 #BeCyberSmart