DMARC – Defined
A group of large, influential organizations, including Google, Yahoo, Facebook, Microsoft, LinkedIn, Bank of America, ReturnPath Fidelity, among others have banded together to begin to solve an on-going issue related to email authentication. They created a working group called DMARC (Domain based Message Authentication, Reporting and Conformance). This group is tasked with helping to reduce abuse of email through phishing and spam by addressing issues related to email authentication protocols.
DMARC is tasked with standardizing how email receivers handle email authentication using the existing SPF and DKIM mechanisms. The goal is to provide a consistent process that senders can rely on to receive authentication results for their messages. Ultimately it is hoped that more senders will be encouraged to authenticate their outbound mail, making mail a more reliable communication tool for all email senders and receivers.
DMARC – It’s Importance
Spammers and phishers have become more emboldened to use email as a method to steal passwords, bank account information, credit card numbers and much more. Email, especially a sophisticated spoof, is a very easy method to accomplish this theft. Many email recipients are easily fooled by a well place logo of a trusted brand, giving the email, and its request, an instant legitimacy.
Users sometimes do not know a real message from a well-developed fake. Email providers
have to sometimes decide, on their own, what is real and what is not. This leads to good mails being blocked and bad emails getting through. Senders do not get much feedback on the status of their emails because there is no standard process for ISP’s to provide that feedback. DMARC provides that framework, allowing email senders to monitor the process and make adjustments, as necessary, to block undesirable email before it is sent. This protects email marketers, brands and email recipients from embarrassing and potentially destructive emails.
How Does it Work?
When a sender and receiver follow the DMARC policy, the send tells the receiver that their emails are protected by SPF and/or DKIM. They also tell the receiver how to handle emails if neither of those methods are able to authenticate those emails: junk or reject. This eliminates the guesswork on the receivers end on what is good or bad email. DMARC also provides a framework for the receiver to provide feedback to the sender on the status f the email, allowing the sender to adjust their processes or evaluate their outgoing emails.
Have you been affected by DMARC and its goal of eliminating
spammers and phishers?