What is DMARC?

DMARC creates a common framework using both SPF and DKIM protocols for authentication It specifies whether a domain is using SPF, DKIM, or both protocols for authentication.

One main benefit of employing a DMARC policy is that senders receive DMARC reports, which provide the following information:

• Which servers and third parties are sending mail to your specific domain.
• The ratio of emails that pass DMARC.
• What servers or third parties are sending emails that failed DMARC.
• What procedures receiving mail servers take on unauthenticated emails.

The three DMARC p= policies are:

• p=none - Take no action. Treat the email as if there were no DMARC validation.
• p=quarantine - Accept the email but send it to a junk/spam folder instead of the inbox or isolate the suspicious message for further inspection.
• p=reject - Stop delivery of the email to any folder and the sender will be informed why the email is not getting delivered.

If your organization manages to execute a successful DMARC policy, you’ll have an effective way to stop most phishing emails.