DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication standard that is used to prevent spoofing of legitimate emails that an organization sends.
DMARC builds upon the SPF and DKIM protocols, adding an improved method of verifying the author of an email using the domain name in the From line and the already published email authentication standards (SPF, DKIM). In simple terms, DMARC has these functions:
DMARC Authentication Steps
Note: DMARC should be the last step in your email authentication process. A DMARC record should only be published after the SPF and DKIM methods are set up and verified to be successful.
If you are new to DMARC, a starting DMARC record would be: v=DMARC1; p=none
This record basically says "I have a DMARC record. Don't do anything." This record is a valid, non-restrictive starting point that satisfies the DMARC part of the ISP/email client requirements.
If you wish to move beyond that, you'll want to first monitor reports for your domain for a while. Inbox providers like Google and Yahoo can send daily reports showing the emails they’ve received from your domains and whether or not these emails align with your DMARC policy.
These raw reports, for most of us, can be hard to read because they typically are XML files. We recommend using a DMARC monitoring tool to help you process reports, display data in a readable format, and help you determine if any action is required. These tools can also provide you with the information to add to your record so that the inbox providers send the reports to them directly.
Things to consider when researching DMARC monitoring tools:
- Experience level with email authentication & DMARC standards. You will find a range of simple services up to very advanced tools as well as self-serve and full-service products.
- The number of domains to be monitored. Typically DMARC tools charge by domain.
- Email volume. Many DMARC services provide tier-based pricing to accommodate low and high volume senders.
There are plenty of DMARC tools out there. Here are a few examples from both ends of the spectrum:
Dmarc Digest (simple)