Professional Documents
Culture Documents
Dmarc Policy
Dmarc Policy
It is designed to give email domain owners the ability to protect their domain from
unauthorized use, commonly known as email spoofing. The purpose and primary outcome of
implementing DMARC is to protect a domain from being used in business email compromise
attacks, phishing email, email scams and other cyber threat activities.
2. How do DMARC Policies Work?
DMARC integrates Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) into
a unified policy framework. When an email is received, the recipient server checks the sender's
DMARC policy in the DNS. If SPF or DKIM authentication fails, DMARC instructs the recipient
server on how to handle the email – whether to deliver it, quarantine it, or reject it. DMARC
also includes reporting mechanisms, generating aggregate and forensic reports, which aid
domain owners in understanding how their domain is being used and potentially misused.
• Policy Definition: Choose the desired policy action for failed authentications (none,
quarantine, or reject).
• DNS Record Update: Publish the DMARC policy in the DNS records for the domain using
a specific TXT record.
• Gradual Enforcement: Start with a "none" policy to monitor and analyze email flows
without affecting email delivery.
• Policy Adjustment: Based on monitoring results, gradually transition to "quarantine" or
"reject" mode for stricter enforcement.
References:
https://dmarc.org/overview/
https://www.dmarcly.com/blog/everything-about-a-dmarc-record
https://mxtoolbox.com/dmarc/details/what-is-a-dmarc-record
Priyesh Singh
Cyber Security Intern