What does DMARC mean, why is it important, and how does it work?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a protocol designed to give receivers better control based on domain reputations via publish policies to enforce domain rules against spam and phishing, building domain reputations in the process. In order to use DMARC, you must have an SPF record configured in the DNS zone. DMARC removes the guesswork for email recipients by potentially limiting or eliminating potentially fraudulent messages.
DMARC can be configured to send reports to the sender if their email message passes or fails an evaluation. We live in an era of high phishing, spam, and spoofing rates that are making DMARC more important than ever. DMARC tries to remedy the situation by allowing domain owners to show that they are using authentication (SPF and DKIM); get feedback based on reports sent by DMARC on activity on their domain by addresses using it legitimately or not; and to implement policies to apply to messages (pass, reject, report, or quarantine). DMARC doesn’t eliminate the need for additional forms of email analysis, but it does streamline the process by combining the efforts of both SPF and DKIM.
Email spoofing is where a malicious party will forge an email header so that the email appears to have originated from someone or somewhere else than the actual source. The goal of the spoofer is to obtain sensitive information, like banking information or passwords. Sometimes these emails will come with dire messages like "a security breach has occurred" and prompting you to take immediate action. The recipient clicks a malicious link which mimics the bank or other website official portal and enters in their credentials. This is called phishing and can occur along with spoofing. Once the malicious user has these pieces of sensitive information, fraudulent activity can occur. Both can introduce malware onto your system, like ransomeware. DMARC can reduce the threat of this by examining and verifying that the email message is authentic before you see it.
You have to have both SPF and DKIM configured first in order to set up and implement DMARC. Many senders use a complex environment where third parties are needed as providers. That being said, there are shortcomings in SPF and DKIM, namely the "10 address look ups only." DMARC addresses this by examining the Return path in addition to the envelope and headers. If all three match, it passes evaluation or alignment, however if any of them fail it can reject the email message depending on the policies it is set to implement in the DNS record. It is possible for a message SPF pass but fail DMARC alignment. From and Return path domains should be the same for SPF DMARC alignment.
The simplest way to configure DMARC is via txt entry in your DNS zone. Example of a DMARC record: =v=DMARC1;p=reject;pct=100;rua=mailto:firstname.lastname@example.org