What is DMARC, and how does it combat phishing?
- DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of peoples’ inboxes.
- DMARC is a proposed standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure so that all their mail can be authenticated. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages – spoofed spam, phishing – be put directly in the spam folder or rejected outright.
Why is DMARC needed?
End users and companies all suffer from the high volume of spam and phishing on the Internet. Over the years several methods have been introduced to try and identify when mail from (for example) ENMAIN.COM really is, or really isn’t coming from the ENMAIN. However:
- These mechanisms all work in isolation from each other
- Each receiver makes unique decisions about how to evaluate the results
- The legitimate domain owner (e.g. ENMAIN) never gets any feedback
DMARC attempts to address this by providing coordinated, tested methods for:
Domain owners to:
- Signal that they are using email authentication (SPF, DKIM)
- Provide an email address to gather feedback about messages using their domain – legitimate or not
- A policy to apply to messages that fail authentication (report, quarantine, reject)
Email receivers to:
- Be certain a given sending domain is using email authentication
- Consistently evaluate SPF and DKIM along with what the end user sees in their inbox
- Determine the domain owner’s preference (report, quarantine or reject) for messages that do not pass authentication checks
- Provide the domain owner with feedback about messages using their domain
A domain owner who has deployed email authentication can begin using DMARC in “monitor mode” to collect data from participating receivers. As the data shows that their legitimate traffic is passing authentication checks, they can change their policy to request that failing messages be quarantined. As they grow confident that no legitimate messages are being incorrectly quarantined, they can move to a “reject” policy.