DMARC
Phishing is a systemic risk which impacts everyone. Phishing is a social engineering attack in which a fraudulent
email message is sent that appears to come from a legitimate organization or user. The goal of this attack is to
steal personally identifiable information (e.g. usernames, passwords, bank or credit card details), to
orchestrate fraud (false wire transfer requests), or to infect systems with malware such as ransomware or a
keylogger.
One difficulty for users when it comes to phishing is determining whether or not the message came from a
legitimate organization. Did the email really come from a government agency, your bank or your insurance company?
Spammers are able to spoof the "From" address on mail messages, with the result that recipients trust the mail
message. DMARC is a control which can prevent this spoofing and help to reduce email fraud.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol
which includes a reporting function that allows senders and receivers to monitor and improve the protection of a
domain from fraudulent email. Implementing DMARC prevents spammers from spoofing the "From"
address on mail messages. Depending on the DMARC policy settings, mail messages originating from an
unauthorized mail server will be either quarantined or rejected. As a result, spam and phishing messages
that use an organization's domain name are quarantined or deleted before they reach their destination (employee
or home user). The reports generated can then be used for intelligence purposes or, if the
activity is criminal in nature, possibly passed to law enforcement.
(Image Source: Gov.UK [1])
DMARC builds upon the existing authentication protocols SPF and DKIM. The DMARC policy is applied when SPF and
DKIM both fail to yield an authentication result that is aligned with the "From" address of a given piece of email. The DMARC
policy will not be triggered unless a message fails both of these checks; a single aligned SPF or DKIM pass is enough for the
message to pass DMARC. DMARC relies upon these technologies to ensure the integrity of mail messages.
1 Guidance: Domain-based Message Authentication, Reporting & Conformance (DMARC) - https://www.gov.uk/government/publications/email-security-standards/domain-based-message-authentication-reporting-and-conformance-dmarc
What is SPF?
SPF stands for Sender Policy Framework. This policy is responsible for preventing the sender address from being
spoofed. This is done by publishing a DNS record that defines which mail servers are authorized to send mail on behalf of the organization's
domain. If the sending mail server is not listed in the SPF record, the message fails the SPF check and is rejected or bounced.
(Image Source: Gov.UK [2])
What is DKIM?
DKIM stands for DomainKeys Identified Mail. DKIM is a mechanism for validating that the domain associated with a
mail message really is responsible for it, using asymmetric cryptography: the sending domain signs the message with a private key and
publishes the matching public key in DNS. In practice, DKIM authenticates a mail message by adding a digital signature to the message
header. It is important to note that DKIM does not filter mail messages on its own. It provides the evidence that spam filters use to determine
the authenticity of the mail message being sent.
(Image Source: Gov.UK [3])
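To make the DMARC, SPF and DKIM sections above concrete, here is an added example (not code from the Gov.UK guidance) that parses a DMARC DNS record and applies the policy logic described: a message passes DMARC if either the SPF-authenticated domain or the DKIM-signing domain (d=) is aligned with the "From" domain, and otherwise the p= (or sp= for subdomains) disposition applies. The SPF and DKIM verdicts and the domain names are constructed inputs; organizational-domain detection is simplified to the last two labels instead of the Public Suffix List, and the pct= tag is ignored.

```python
def org_domain(domain):
    """Organizational domain, simplified (assumption: last two labels; real
    verifiers consult the Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()

def parse_dmarc_record(txt):
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=reject; adkim=s'
    into a dict, filling in the defaults DMARC specifies."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")    # relaxed SPF alignment by default
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    return tags

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') only
    needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition); disposition is one of
    'none', 'quarantine' or 'reject' as published by the domain owner."""
    tags = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    # p= covers the organizational domain itself, sp= covers its subdomains
    policy = tags["p"] if from_domain.lower() == org_domain(from_domain) else tags["sp"]
    return False, policy

if __name__ == "__main__":
    # Constructed scenario: SPF passed for an unrelated domain, no DKIM signature
    print(dmarc_disposition("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                            "example.com", "pass", "unrelated.example", "none", ""))
```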
2 Guidance: Sender Policy Framework (SPF) - https://www.gov.uk/government/publications/email-security-standards/sender-policy-framework-spf
3 Guidance: DomainKeys Identified Mail (DKIM) - https://www.gov.uk/government/publications/email-security-standards/domainkeys-identified-mail-dkim
DMARC_v3