Top.Mail.Ru
DMARC — Postmypost
Log in
Sign up
RU EN
Log in Sign up
Glossary – DMARC

DMARC

Nikiforov Alexander
Friend of clients
Back

Contents

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol designed to protect users from spam and phishing attacks. It is an important tool for ensuring the authenticity of emails, allowing organizations to control which messages can be sent on their behalf and protecting their reputation.

Why is a DMARC policy needed?

A DMARC policy is necessary to combat phishing—a fraudulent practice aimed at stealing users' confidential data, such as logins and passwords. Malicious actors often use email, masquerading as well-known companies and sending messages from their domains. If users follow the instructions in such emails, they may lose personal data, and companies may lose their reputation. Setting up DMARC helps prevent such situations by ensuring that emails sent on behalf of the company are either rejected or marked as suspicious.

How does DMARC work?

DMARC is a protocol that defines the actions of the server in the case of failed DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) checks. Proper DKIM and SPF records confirm that the email was indeed sent from the specified domain. Together with them, DMARC is responsible for email authentication, meaning verifying the sender's authenticity.

DKIM records contain encrypted data regarding who and when the email was sent. An email provider, such as Gmail or Mail.ru, decrypts this data using a public key published on the sender's domain. If the data matches, the email is considered to have been sent by a legitimate sender. SPF, in turn, determines whether a specific server is allowed to send emails on behalf of the given domain based on its IP address.

How to configure DMARC?

To configure DMARC, follow these steps:

  1. Go to the control panel of your website's hosting.
  2. Find the section for managing DNS records.
  3. Add a new DMARC TXT record.
  4. Save the changes.

An example record for a small website that does not engage in bulk mailing:

v=DMARC1; p=none;

DMARC record examples

Here are some examples of DMARC records and their meanings:

  • Example 1: for a site without bulk mailings: v=DMARC1; p=none;
  • Example 2: for sites with mailings that want to receive reports: v=DMARC1; p=none; rua=mailto:[email protected]
  • Example 3: reject all emails that failed the check: v=DMARC1; p=reject;
  • Example 4: reject all messages and send reports: v=DMARC1; p=reject; rua=mailto:[email protected]
  • Example 5: quarantine 30% of emails that failed the check: v=DMARC1; p=quarantine; pct=30

Which DMARC policy to choose?

When choosing a DMARC policy, it is important to understand the tasks you want to accomplish. The none policy allows tracking of emails, while quarantine moves suspicious messages to spam. The reject policy is the strictest and protects against all emails that failed the check. The choice of the appropriate policy depends on your level of trust in the sent messages and the presence of DKIM and SPF settings.