What is a DMARC?
Domain-based Message Authentication, Reporting, and conformance (DMARC) is a widely recognized email protocol that helps people and businesses protect their email addresses and domains from misuse by third parties. It helps identify that an email you send is from the real you. This email authentication method protects senders and recipients from phishing, spamming, and spoofing.
Example
An example of a DMARC policy in DNS records might look like this:
_dmarc.example.com. IN TXT “v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; sp=reject”
In this example:
- v=DMARC1 indicates that this is a DMARC version 1 policy.
p=reject specifies that any email failing DMARC authentication should be rejected. - rua=mailto:dmarc@example.com specifies an email address to which aggregate reports should be sent.
- ruf=mailto:dmarc@example.com specifies an email address to which forensic (failure) reports should be sent.
- sp=reject determines that any email failing SPF authentication should also be rejected.
With this DMARC policy, email receivers can enforce strict authentication checks on incoming emails from the example.com domain. If an email fails DMARC authentication, it can be rejected or handled according to the policy specified by the domain owner, helping to prevent email fraud and improve email security.