What is DMARC and how to set it up
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email security protocol that helps protect against fraudulent emails and phishing. Its main purposes are:
- Verifying the authenticity of email senders
- Protecting against forgery of email addresses (sender spoofing)
- Setting rules for handling messages that fail verification
It builds on the two earlier authentication protocols, SPF and DKIM, and allows the domain owner to:
- Define how emails that fail authentication should be processed
- Set whether such emails should be rejected, placed in spam, or accepted
- Receive reports on attempts to abuse the domain
DMARC thus significantly increases the security of electronic communication by preventing fraudsters from abusing corporate or organizational domains.
The structure of a DMARC record consists of several key parameters:
Protocol version (v):
- Always starts with `v=DMARC1`
Policy for the domain (p):
- `p=none` - no action (monitoring only)
- `p=quarantine` - quarantine suspicious emails
- `p=reject` - complete rejection of suspicious emails
Subdomain policy (sp):
- Allows you to set a specific policy for subdomains
- Values are the same as for the `p` parameter
Reporting (rua):
- Defines the email address to which aggregate (summary) reports about authentication are sent
- Example: `rua=mailto:dmarc-reports@domain.tld`
Evaluation percentage (pct):
- Specifies the percentage of messages to which the DMARC policy is applied
- Range 0-100
Example of a complete DMARC DNS record:
Name | Type | Content |
---|---|---|
_dmarc.domain.tld | TXT | v=DMARC1; p=reject; rua=mailto:dmarc-reports@domain.tld; pct=100 |
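As an added example (not part of the original article), the following Python code parses a DMARC TXT record and checks the tags described above: `v=DMARC1` first, `p` and `sp` limited to none/quarantine/reject, `rua` entries as mailto: URIs, and `pct` within 0-100. The tag names and the sample record are those from the article; the function names are my own.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}   # allowed p= / sp= values

def parse_dmarc(record: str) -> dict:
    """Split a 'tag=value; tag=value' DMARC TXT record into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:                      # tolerate a trailing ';'
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip()] = value.strip()
    return tags

def effective_subdomain_policy(tags: dict) -> str:
    """sp= applies to subdomains; when absent, subdomains inherit p=."""
    return tags.get("sp", tags.get("p"))

def check_dmarc(record: str) -> list:
    """Return a list of problems; an empty list means the record uses the
    v, p, sp, rua and pct tags consistently with the description above."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if record.split(";")[0].strip() != "v=DMARC1":   # v must be first and exact
        problems.append("record must start with v=DMARC1")
    p = tags.get("p")
    if p is None:
        problems.append("missing required p= tag")
    elif p not in VALID_POLICIES:
        problems.append(f"invalid p value {p!r}")
    sp = tags.get("sp")
    if sp is not None and sp not in VALID_POLICIES:
        problems.append(f"invalid sp value {sp!r}")
    rua = tags.get("rua")
    if rua is None:
        problems.append("no rua= address: aggregate reports will not be delivered")
    elif not all(u.strip().startswith("mailto:") for u in rua.split(",")):
        problems.append("every rua entry must be a mailto: URI")
    pct = tags.get("pct", "100")                      # pct defaults to 100
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        problems.append(f"pct must be an integer 0-100, got {pct!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample input: the record from the table above.
    print(check_dmarc("v=DMARC1; p=reject; rua=mailto:dmarc-reports@domain.tld; pct=100"))
```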
The recommended procedure for deploying DMARC:
Initial phase - monitoring:
- Set the policy to `p=none`
- Turn on reporting
- Analyze incoming reports
- Identify legitimate senders
Transition phase - quarantine:
- Change to `p=quarantine`
- Gradually limit suspicious emails
- Verify that legitimate senders are not blocked
Final phase - strict protection:
- Set `p=reject`
- Completely reject fake emails
Key recommendations:
- Proceed slowly
- Evaluate reports carefully
- Regularly verify the settings of all email services
It is ideal to first set the policy to `none` and monitor reports for at least 30-60 days before taking further steps.