What do you need to know about DMARC?

DMARC protocol details

The Domain-based Message Authentication, Reporting and Conformance (DMARC) standard is a protocol for protecting e-mail domains. Its purpose is to detect and block e-mail spoofing techniques, which are used to compromise business e-mail and to run phishing campaigns. This is why the DMARC protocol is used to ensure the security and authenticity of corporate e-mail messages.

Introducing the DMARC standard

DMARC is an authentication, policy and reporting protocol used by organizations to protect their e-mail channels. Its role is to combat phishing and rogue e-mails. To do this, it authenticates email senders and gives indications to the recipient’s anti-spam software. It is defined by RFC 7489.

It should be pointed out that DMARC was initially set up as a system in which senders and receivers shared a uniform way of interpreting e-mail from domains that support the SPF and DKIM protocols. This system enabled companies to publish their policies on how authenticated e-mail should be handled, and enabled receivers to send authentication reports back to company mailboxes, which the companies then used to check and improve their authentication setup. In this way, unsolicited messages end up blocked or placed in the spam folder of the mailbox.

The aim of this initial work was to develop a common standard shared by several companies. Following this experiment, the DMARC specification was published in January 2012 to protect your domain name from impersonation. Indirectly, this lets you block e-mails that do not comply with your security policy and increase the deliverability of your legitimate e-mails.

DMARC is adopted by a large number of messaging providers to secure the global email ecosystem.

When is DMARC used?

An organization can protect itself with DMARC in a number of situations. Here are just a few examples:

– Domain spoofing: the attacker uses an organization’s domain to make the e-mails they send appear legitimate;

– Phishing e-mails: e-mails that encourage Internet users to install malware or hand over their login details;

– Impostor e-mail: an e-mail sent to an inbox by an impostor so that it appears to be legitimate;

– Partner spoofing: a fake e-mail exchanged between supply chain partners. Its purpose is to alter payment details in order to deceive the recipient;

– Business email compromise (BEC) or “president scam”: an e-mail that appears to come from one of the company’s executives. The attacker uses it to ask for money or confidential information to be sent.

How important is the DMARC protocol?

Companies with mailboxes need the DMARC standard to protect themselves against phishing and spoofing. It also prevents their legitimate messages from being treated as spam.

E-mail security is built around several authentication protocols that protect an organization against various attacks. These protocols also prevent legitimate e-mails from being marked as spam. They are:

Sender Policy Framework (SPF): a protocol for validating the server that sends an e-mail. It detects and blocks e-mails that do not comply with the rules published by the sending domain;

DomainKeys Identified Mail (DKIM): this standard is used to detect modifications and integrity defects in e-mail. To do this, it adds an electronic signature to each message so that the receiving server can verify that the outgoing message really was sent by the company;

Domain-based Message Authentication Reporting and Conformance (DMARC): this e-mail validation system helps combat phishing by validating the SPF and DKIM policies published by the sender.

It should be noted that the DMARC standard is used to check that a company’s outgoing messages comply with SPF or DKIM protocol controls. It also provides a method of email authentication, specifying what to do in the event of non-compliance with SPF and/or DKIM protocols. This enables e-mail administrators to effectively combat hackers who impersonate organizations and their domains.

DMARC is also important for receiving reports from mail servers. These consist of information needed to identify possible authentication problems and malicious activity.

How do I configure DMARC?

DMARC configuration enables a company to monitor its domains and any unwanted messages that could damage its reputation.

To set up a relevant DMARC configuration, you must first have an SPF and DKIM policy defined for the domain. All you need to do is add a TXT record to the domain’s DNS to define your DMARC policy.

Here’s an illustration:

v=DMARC1; p=quarantine; rua=mailto:dmarc_rua@domain.tld;

The essential elements are:

“v=DMARC1” – DMARC version number. For the moment, only DMARC1 is used.

“p=” – Definition of the policy to be applied when the SPF and DKIM checks fail. The choice is between “none” (no action), “quarantine” (place the message in quarantine, typically the spam folder) or “reject” (reject the message).

“rua=” – Destination address for the aggregate reports issued by recipients.

You can find all the possible parameters on the DMARC Wikipedia page, or directly on the official protocol website: https://dmarc.org/overview/

How does the DMARC protocol work?

DMARC relies on SPF and DKIM to authenticate an e-mail. SPF allows the recipient and sender to verify that an e-mail comes from an IP address authorized by the domain administrator. DKIM adds a digital signature to e-mails.

When a message is received, the recipient server applies the SPF and DKIM checks to determine its legitimacy. It then reads the DMARC policy published by the sending domain and applies the requested handling accordingly:

– No change if the policy is “none”.

– Degradation of deliverability if the policy is “quarantine”.

– Reject the message if the policy is “reject”.
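The record format from the configuration section and the policy evaluation just described, as an added example (not code from the original article): it parses a DMARC TXT record, checks the v= and p= tags the article lists, and returns the disposition for a message given its SPF and DKIM results. It goes slightly beyond the article by modelling identifier alignment, which the DMARC standard requires (the SPF or DKIM domain must match the From: domain for the check to count); the record value is the one shown above.

```python
"""Added example: parse a DMARC TXT record and apply its p= policy."""
from dataclasses import dataclass

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'tag=value; tag=value; ...' into a dict and validate the essentials."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:                      # tolerate the trailing ';' in the record
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag; a p= policy is mandatory.
    if not txt.strip().lower().startswith("v=dmarc1"):
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("p= must be none, quarantine or reject")
    return tags


def report_addresses(record: dict) -> list:
    """Return the aggregate-report (rua=) addresses, without the mailto: prefix."""
    raw = record.get("rua", "")
    return [u.strip()[len("mailto:"):] for u in raw.split(",")
            if u.strip().startswith("mailto:")]


@dataclass
class AuthResult:
    spf_pass: bool
    spf_aligned: bool    # SPF-checked domain matches the From: domain
    dkim_pass: bool
    dkim_aligned: bool   # DKIM d= domain matches the From: domain


def dmarc_disposition(record: dict, result: AuthResult) -> str:
    """'pass' if SPF or DKIM passes *and* is aligned; otherwise the p= policy."""
    spf_ok = result.spf_pass and result.spf_aligned
    dkim_ok = result.dkim_pass and result.dkim_aligned
    if spf_ok or dkim_ok:
        return "pass"
    return record["p"]          # none / quarantine / reject


# Constructed input: the record shown in the configuration section above.
EXAMPLE_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc_rua@domain.tld;"
```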

How do you connect DMARC to your e-mail service?

To get started with DMARC, you need to publish a DNS record presenting the policy.

This record takes the form of a TXT record named _dmarc.votre-domaine.fr (that is, “_dmarc.” followed by your own domain name).

The contents of this record can be written by hand, following the steps outlined in this article, but several sites also offer to generate the record for you, for example Scott Kitterman’s website: https://www.kitterman.com/dmarc/assistant.html

Last but not least, a wide range of commercial services will support you in setting up and validating your DMARC record, as well as in monitoring the reports issued by recipients. These include:

https://dmarc.com/
https://dmarcadvisor.com/
https://dmarcian.com/
https://easydmarc.com/
https://www.mailhardener.com/
https://www.uriports.com/

By configuring your domain in this way, you can prevent your e-mails from being marked as spam in your recipients’ mailboxes.
