What is DMARC?

Definition DMARC (Domain-based Message Authentication Reporting and Conformance) What is DMARC?
Domain-based Message Authentication Reporting and Conformance (DMARC for short) is a standard designed to curb the misuse of e-mails, such as spam or phishing e-mails. The standard works together with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) and was developed at the instigation of large providers.

Companies on the subject

The abbreviation DMARC stands for Domain-based Message Authentication Reporting and Conformance. It is a standard that can be used to curb the misuse of e-mails. For example, it addresses authentication deficiencies when sending e-mails and thus reduces spam or phishing e-mails. The DMARC specification was developed at the instigation of large software companies and providers such as Google, AOL, Microsoft, Facebook, Yahoo and others.

In cooperation with procedures such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), DMARC makes it possible to determine whether an e-mail actually comes from the specified sender. In addition, rules are communicated on how to deal with unauthenticated e-mails. For example, e-mails are deleted, rejected or moved to the spam folder. In addition, the recipient can inform the domain owner of the mail sender about the misuse and the problems with the authentication. DMARC is specified in RFC 7489 from 2015.

The goals of DMARC
Spam and phishing emails are a security risk, cost issue and nuisance in internet communication. It is often difficult for the recipients of the e-mails to recognise whether the message actually originates from the specified sender. Methods such as SPF or DKIM address this problem. DMARC, together with SPF and DKIM, aims to help senders and recipients of e-mails to protect themselves against e-mail misuse. The specification helps to identify whether a message actually originates from the specified sender and defines what to do with unauthenticated messages. So-called domain spoofing can be curbed by cooperation between the owners of the domains and the recipients of the e-mails. The main goals of DMARC are:

Give domain owners a way to signal that email authentication via SPF and DKIM is being used.
Provide domain holders with a feedback channel to report email abuse under their domain.
Provide a set of rules on how to deal with unauthenticated messages (delete, reject, quarantine or report).
Provide guidance to email recipients on how to authenticate the sending domain of an email.
Inform email recipients about the use of DKIM and SPF of a domain.
Inform email recipients of the domain owner’s preferences on how to handle unauthenticated messages
Provide email recipients with ways to provide feedback to the domain holder