
DMARC Policy

1. What is a DMARC Policy?


DMARC, or Domain-based Message Authentication, Reporting, and Conformance, represents
a robust email authentication protocol. It allows domain owners to declare how their emails
should be authenticated using SPF and DKIM, and what actions should be taken if
authentication fails. This standard aims to combat email phishing and fraud by providing a
comprehensive framework for email authentication and reporting.

It is designed to give email domain owners the ability to protect their domain from
unauthorized use, commonly known as email spoofing. The purpose and primary outcome of
implementing DMARC is to protect a domain from being used in business email compromise
attacks, phishing emails, email scams and other cyber threat activities.

2. How do DMARC Policies Work?

DMARC integrates Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) into
a unified policy framework. When an email is received, the recipient server checks the sender's
DMARC policy in the DNS. If SPF or DKIM authentication fails, DMARC instructs the recipient
server on how to handle the email – whether to deliver it, quarantine it, or reject it. DMARC
also includes reporting mechanisms, generating aggregate and forensic reports, which aid
domain owners in understanding how their domain is being used and potentially misused.

3. Why Should Companies Add a DMARC Policy to Their Domain?


Implementing DMARC is imperative for companies due to the following reasons:

• Phishing Mitigation: DMARC significantly reduces the risk of phishing attacks by
ensuring that emails from a domain are legitimate and sent only from authorized
servers.
• Brand Protection: A DMARC policy safeguards a company's brand reputation by
preventing malicious actors from impersonating the brand through unauthorized email
channels.
• Email Deliverability: By reducing the likelihood of legitimate emails being marked as
spam, DMARC improves overall email deliverability.

4. How Do Companies Implement a DMARC Policy on Their Domain?

The implementation of DMARC involves a phased approach:

• Policy Definition: Choose the desired policy action for failed authentications (none,
quarantine, or reject).
• DNS Record Update: Publish the DMARC policy in the DNS records for the domain using
a specific TXT record.
• Gradual Enforcement: Start with a "none" policy to monitor and analyze email flows
without affecting email delivery.
• Policy Adjustment: Based on monitoring results, gradually transition to "quarantine" or
"reject" mode for stricter enforcement.

5. How Does the DMARC Record Syntax Work?


The DMARC record is a TXT record in the DNS with a structured syntax:

• v (Version): Specifies the version of the DMARC protocol being used.
• p (Policy): Declares the policy for failed authentications (none, quarantine, reject).
• rua (Aggregate Reporting): Identifies the email address to which aggregate XML reports
should be sent.
• ruf (Forensic Reporting): Specifies the email address to which forensic reports,
containing details about individual messages, should be sent.
• pct (Percentage): Sets the percentage of messages subjected to the DMARC policy.

Example DMARC record:

v=DMARC1; p=reject; rua=mailto:agg-reports@example.com; ruf=mailto:forensic-reports@example.com; pct=100
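
The record syntax above can be checked mechanically. The following Python code is an added example, not part of the original document: it parses a DMARC TXT value using the tags listed in this section and reports settings that leave the domain short of full enforcement. The names parse_dmarc and audit_dmarc and the sample records are constructed for illustration; the rules that v=DMARC1 must be the first tag and that pct defaults to 100 come from RFC 7489 rather than from this page.

```python
VALID_POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Parse a DMARC TXT value into {tag: value}; raise ValueError if malformed."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if not sep or not name.strip() or not value.strip():
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("v=DMARC1 must be the first tag")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("p must be none, quarantine or reject")
    pct = tags.get("pct", "100")  # RFC 7489: pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) > 100:
        raise ValueError("pct must be an integer from 0 to 100")
    tags["p"], tags["pct"] = tags["p"].lower(), int(pct)
    for key in ("rua", "ruf"):  # report targets are comma-separated URIs
        if key in tags:
            tags[key] = [u.strip() for u in tags[key].split(",")]
    return tags

def audit_dmarc(txt):
    """Return findings for a record; the list is empty when no check fires."""
    tags, findings = parse_dmarc(txt), []
    if tags["p"] == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if tags["pct"] < 100:
        findings.append(f"pct={tags['pct']}: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports will be received")
    for key in ("rua", "ruf"):
        for uri in tags.get(key, []):
            if not uri.lower().startswith("mailto:"):
                findings.append(f"{key} target {uri!r} is not a mailto: URI")
    return findings

# Constructed sample records (example.com is a placeholder domain)
ENFORCED = ("v=DMARC1; p=reject; rua=mailto:agg-reports@example.com; "
            "ruf=mailto:forensic-reports@example.com; pct=100")
MONITOR = "v=DMARC1; p=none; pct=50"

if __name__ == "__main__":
    for rec in (ENFORCED, MONITOR):
        print(rec, "->", audit_dmarc(rec) or "no findings")
```

Running the audit against the published record at each stage of the phased rollout shows how far the domain still is from a "reject" policy applied to all mail.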


Priyesh Singh
Cyber Security Intern
