Domain-based Message Authentication, Reporting and Conformance (DMARC) is an e-mail authentication protocol. It builds on the Domain Name System (DNS), DomainKeys Identified Mail (DKIM) and the Sender Policy Framework (SPF) to check whether a message really comes from the domain it claims to come from. In this article, slightly more technical than usual, we look in detail at what the DMARC protocol is, what its advantages are and what a DMARC record looks like in practice.

DMARC, what is it?

DMARC is the abbreviation of Domain-based Message Authentication, Reporting and Conformance. It is an e-mail authentication protocol that uses the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to prevent domain spoofing and other malicious activity.

It is published as a DNS record so that any receiving mail server can authenticate incoming messages that claim to come from the domain. The record also states the domain owner's policy on how unauthenticated messages are to be handled by the receivers (mailbox providers and ESPs, Email Service Providers).

It allows in particular:

  • The domain owner to declare in DNS which authentication mechanisms (SPF, DKIM, or both) are expected on messages sent from the domain.
  • The domain owner to define how messages that fail SPF and/or DKIM alignment are to be handled: either quarantine them (deliver them to the spam folder) or reject them outright.
  • The domain owner to monitor the activity of the sending domain through detailed reports.

A typical DMARC implementation has two sides: the publication of the DMARC record by the domain owner, and the enforcement of the DMARC policy and the generation of reports by the receiving mail server. Both sides must cooperate for DMARC to take effect.

On the domain owner's side, the owner publishes a DMARC record in the domain's DNS with the appropriate parameters, chiefly the DMARC policy and the address to which receivers send aggregate reports. The DMARC policy has three options, which tell the receiving mail server how to treat unauthenticated messages: none (monitoring), quarantine and reject.

On the receiving mail server's side, whenever a message claiming to come from the domain arrives, the server runs its DMARC check on the basis of the IP address of the connecting host (for SPF), the envelope sender address (RFC5321.MailFrom), the From header address (RFC5322.From) and, if a DKIM signature is present, its d= tag. SPF and DKIM each produce a pass or a fail; DMARC passes only if at least one of them passed and the domain it authenticated is aligned with the From header domain. This outcome is called the DMARC authentication result, which is either a pass or a fail. If the result is a fail, the server consults the DMARC policy to find out how to process the message. Here is how DMARC treats unauthenticated messages:

  1. None (monitoring): nothing is done to unauthenticated messages; they are delivered normally. This mode is mainly used to collect aggregate DMARC reports, so that domain owners get a clear picture of what their mail flows look like before enforcing anything;
  2. Quarantine: an unauthenticated message is placed in the spam folder. This is stricter than monitoring mode, since the end user already gets some protection;
  3. Reject: the strictest of the three. In reject mode, any unauthenticated message is refused outright during the SMTP session, so it never reaches the end user's mailbox, not even the spam folder. The end user never sees an unauthenticated message. Keep in mind that the policy is a request: the receiver decides how to apply it, and forwarding (mailing lists in particular) can break SPF and DKIM alignment, so legitimate messages can fail too. That is why one moves from none to quarantine to reject only after reviewing the reports.
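The evaluation described above, written out as an added example (this is not code from the article or from Agence Churchill). It assumes the receiver has already produced an SPF result for the envelope sender domain and a DKIM result for the signing domain (d=), and it approximates the organizational domain by the last two labels, whereas a real receiver uses the Public Suffix List. The aspf tag, the SPF counterpart of adkim, is a real DMARC tag the article does not cover; the scenario domains are constructed.

```python
"""How a receiver turns SPF/DKIM results into a DMARC verdict and a disposition.

Added illustration, not the article's or the agency's code. Assumes SPF and
DKIM have already been checked. Organizational domains are approximated by
the last two labels (real receivers use the Public Suffix List).
"""
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (no Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: 's' (strict) needs an exact domain match,
    'r' (relaxed) only needs the same organizational domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


@dataclass
class AuthResults:
    from_domain: str            # domain of the RFC5322.From header
    spf_result: str = "none"    # "pass", "fail", "none", ...
    spf_domain: str = ""        # RFC5321.MailFrom (envelope) domain SPF was checked on
    dkim_result: str = "none"
    dkim_domain: str = ""       # d= tag of the DKIM signature that verified


def dmarc_authenticated(r: AuthResults, adkim: str = "r", aspf: str = "r") -> bool:
    """DMARC passes if at least one of SPF or DKIM both passed AND is aligned
    with the From domain. A passing but unaligned check does not count."""
    spf_ok = (r.spf_result == "pass" and bool(r.spf_domain)
              and aligned(r.from_domain, r.spf_domain, aspf))
    dkim_ok = (r.dkim_result == "pass" and bool(r.dkim_domain)
               and aligned(r.from_domain, r.dkim_domain, adkim))
    return spf_ok or dkim_ok


def disposition(policy: str, pct: int, authenticated: bool, sample: int) -> str:
    """Apply p= to a message. `sample` is a number in [0, 100) drawn per message
    by the receiver; failing messages outside the pct= fraction get the next
    less strict policy (reject -> quarantine -> none)."""
    if authenticated:
        return "none"
    if sample < pct:
        return policy
    return {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]


def evaluate(r: AuthResults, policy: str, pct: int = 100,
             adkim: str = "r", aspf: str = "r", sample: int = 0):
    """Return (dmarc_pass, disposition) for one message under a given record."""
    ok = dmarc_authenticated(r, adkim, aspf)
    return ok, disposition(policy, pct, ok, sample)


if __name__ == "__main__":
    # Constructed scenario: From is example.com, bounces go through a subdomain
    # of it, and a third-party sending service signs with its own domain.
    msg = AuthResults("example.com", "pass", "bounce.example.com", "pass", "esp.example.net")
    print(evaluate(msg, "reject"))                      # relaxed: SPF aligns -> pass
    print(evaluate(msg, "reject", adkim="s", aspf="s")) # strict: nothing aligns -> reject
    # Constructed spoof: attacker passes SPF/DKIM for a domain they control.
    spoof = AuthResults("example.com", "pass", "attacker.example.net", "pass", "attacker.example.net")
    print(evaluate(spoof, "quarantine"))                # unaligned -> quarantine
```

The spoof case is the whole point of alignment: SPF and DKIM on their own say nothing about the From header the user sees, so an attacker can pass both for a domain they own. DMARC only counts a pass whose domain lines up with the From domain.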


What are the advantages of the DMARC protocol?

There are a few essential reasons why you should implement the DMARC protocol:

  • Reputation: publishing a DMARC record protects your brand by preventing unauthorized parties from sending mail that appears to come from your domain. This protection only takes effect once the policy is quarantine or reject; p=none alone blocks nothing. In some cases, simply publishing a DMARC record can improve the domain's sender reputation.
  • Visibility: DMARC reports give you visibility into your e-mail programme by showing who is sending mail using your domain, including legitimate third-party services you may have forgotten about.
  • Security: DMARC helps the mail community establish a consistent policy for handling messages that fail authentication. The messaging ecosystem as a whole becomes safer and more reliable.

What does a DMARC record look like?

You can see what a DMARC record looks like by querying, from your terminal, the TXT record published at _dmarc.<domain> (for example with dig or nslookup). You can also go to https://www.valimail.com/ to look up the DMARC record of any domain that has published one.

Here is an example of a DMARC record, the one published for Agence Churchill:

v=DMARC1; p=none; rua=mailto:dmarc@agence-churchill.fr; ruf=mailto:dmarc@agence-churchill.fr; rf=afrf; pct=100

Let us break it down:

  • “v=DMARC1”
    Version: this is the identifier the receiving server looks for when it reads the DNS record of the domain the message claims to come from. It must be the first tag and its value must be exactly DMARC1. If the domain has no TXT record at _dmarc.<domain> starting with v=DMARC1, the receiving server performs no DMARC check at all.
  • “p=none”
    Policy: the policy you select in your DMARC record tells the receiving mail server what to do with messages that claim to come from your domain but fail both SPF and DKIM alignment. Here the policy is set to “none”, so such messages are delivered normally and only reported.
  • “rua=mailto:dmarc@agence-churchill.fr”
    This part tells the receiving server where to send aggregate DMARC reports. They are sent periodically (daily by default) to the address given and summarize, per sending IP address and authentication result, how many messages passed or failed; they do not give details on individual messages. It may be any address you choose, but if it lies in a different domain from the one publishing the record, that other domain must publish a verification TXT record authorizing it (the external report destination mechanism of the DMARC specification), otherwise receivers will not send reports there.
  • “ruf=mailto:dmarc@agence-churchill.fr”
    This part tells the receiving server where to send failure (forensic) reports. These are sent as failures happen and contain details on each one, possibly including message headers. The same rule about addresses in another domain applies. Note that many large receivers do not send failure reports at all, for privacy reasons, so do not build your monitoring on them.
  • “rf=afrf”
    Report format: the format the domain owner requests for failure reports. afrf stands for Authentication Failure Reporting Format; it is the default and the only value the specification defines, so this tag is usually omitted.
  • “pct=100”
    Percentage: the proportion of failing messages to which the policy is applied. You can choose any integer from 0 to 100 (the default is 100). With p=reject and pct=100, every message that fails DMARC is rejected; with a lower value the remaining messages are handled with the next less strict policy (quarantine instead of reject, none instead of quarantine), which lets you ramp up enforcement gradually.

A number of other tags can be included in a DMARC record. Here are some:

  • “sp=”: subdomain policy, the policy to apply to messages whose From domain is a subdomain of the record's domain. If it is absent, subdomains inherit the p= policy. A lenient sp=none next to p=reject leaves every subdomain open to spoofing.
  • “adkim=”: DKIM alignment mode. It can be set to “s” for strict or “r” for relaxed (the default). Strict means the DKIM part of the DMARC check passes only if the d= domain of the DKIM signature exactly matches the From header domain. In relaxed mode the DKIM part passes if the d= domain shares the organizational domain of the From address (for example d=mail.example.com signing for example.com). The aspf= tag does the same for SPF.
  • “ri=”: the interval, in seconds, at which you would like to receive aggregate reports. The default is 86400 (one day); a shorter interval is only a request that receivers may or may not honour.
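The tag-by-tag breakdown above, turned into an added example parser (this is not tooling from the article or from Agence Churchill). It applies the tag defaults stated in the DMARC specification (sp inherits p, adkim and aspf default to relaxed, pct to 100, ri to 86400 seconds, rf to afrf), rejects records a receiver would discard, and flags report addresses that live in another organizational domain, since those only receive reports once that domain publishes the verification record. The first sample record is a copy of the one quoted above; the second is constructed, and the organizational domain is approximated by the last two labels rather than the Public Suffix List.

```python
"""Parse and sanity-check a DMARC TXT record.

Added example, not the article's or the agency's tooling. Defaults follow the
DMARC tag definitions. The organizational domain is approximated by the last
two labels (assumption; real receivers use the Public Suffix List).
"""
import re

POLICIES = {"none", "quarantine", "reject"}
ALIGNMENTS = {"r", "s"}
STRICTNESS = {"none": 0, "quarantine": 1, "reject": 2}


class DmarcRecordError(ValueError):
    """Raised for records a receiver would discard or that are inconsistent."""


def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (no Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def _addresses(value: str) -> list:
    """Split a rua=/ruf= value into e-mail addresses. Each URI must be mailto:
    and may carry a '!size' suffix (maximum report size) that we drop."""
    addrs = []
    for uri in filter(None, (u.strip() for u in value.split(","))):
        if not uri.lower().startswith("mailto:"):
            raise DmarcRecordError(f"unsupported report URI {uri!r}")
        addrs.append(uri[len("mailto:"):].split("!", 1)[0].strip())
    return addrs


def parse_dmarc(record: str, record_domain: str) -> dict:
    # Tags are separated by ';'. The first must be exactly v=DMARC1, otherwise
    # receivers ignore the whole record.
    parts = [p.strip() for p in record.split(";") if p.strip()]
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        raise DmarcRecordError("record must begin with v=DMARC1")
    tags = {}
    for part in parts[1:]:
        if "=" not in part:
            raise DmarcRecordError(f"malformed tag {part!r}")
        name, value = (s.strip() for s in part.split("=", 1))
        name = name.lower()
        if name in tags:
            raise DmarcRecordError(f"duplicate tag {name!r}")
        tags[name] = value
    if "p" not in tags:
        raise DmarcRecordError("p= is required")
    try:
        pct = int(tags.get("pct", "100"))
        ri = int(tags.get("ri", "86400"))
    except ValueError as e:
        raise DmarcRecordError(f"pct=/ri= must be integers: {e}") from e
    parsed = {
        "p": tags["p"].lower(),
        "sp": tags.get("sp", tags["p"]).lower(),   # subdomains inherit p when sp is absent
        "adkim": tags.get("adkim", "r").lower(),
        "aspf": tags.get("aspf", "r").lower(),
        "pct": pct,
        "ri": ri,
        "rf": tags.get("rf", "afrf").lower(),
        "rua": _addresses(tags.get("rua", "")),
        "ruf": _addresses(tags.get("ruf", "")),
    }
    if parsed["p"] not in POLICIES or parsed["sp"] not in POLICIES:
        raise DmarcRecordError("p=/sp= must be none, quarantine or reject")
    if parsed["adkim"] not in ALIGNMENTS or parsed["aspf"] not in ALIGNMENTS:
        raise DmarcRecordError("adkim=/aspf= must be r or s")
    if not 0 <= pct <= 100:
        raise DmarcRecordError("pct= must be between 0 and 100")
    # Report addresses outside the record's organizational domain only get
    # reports if that other domain publishes a TXT record named
    # <record domain>._report._dmarc.<report domain> starting with v=DMARC1.
    parsed["external_verification_needed"] = sorted({
        f"{record_domain}._report._dmarc.{addr.rsplit('@', 1)[1]}"
        for addr in parsed["rua"] + parsed["ruf"]
        if "@" in addr and org_domain(addr.rsplit("@", 1)[1]) != org_domain(record_domain)
    })
    parsed["warnings"] = []
    if STRICTNESS[parsed["sp"]] < STRICTNESS[parsed["p"]]:
        parsed["warnings"].append(
            f"sp={parsed['sp']} is weaker than p={parsed['p']}; subdomains can still be spoofed")
    return parsed


# Copy of the record quoted above.
CHURCHILL_RECORD = ("v=DMARC1; p=none; rua=mailto:dmarc@agence-churchill.fr; "
                    "ruf=mailto:dmarc@agence-churchill.fr; rf=afrf; pct=100")
# Constructed: a domain that outsources report handling to a third party
# and has (mistakenly) relaxed the policy for its subdomains.
OUTSOURCED_RECORD = "v=DMARC1; p=reject; sp=none; pct=50; rua=mailto:reports@dmarc-monitor.example"

if __name__ == "__main__":
    print(parse_dmarc(CHURCHILL_RECORD, "agence-churchill.fr"))
    print(parse_dmarc(OUTSOURCED_RECORD, "example.com"))
```

Running it on the second record lists the verification record the third party must publish and warns about the weaker subdomain policy; both are things a receiver will silently act on without telling you.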