In the previous articles, we talked about the importance of authenticating emails via DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). These two methods verify whether or not an incoming message really does originate from the sender it claims to have come from. If the message is legitimate, it should go through with no problem. But what if it fails either or both of the DKIM and SPF authentication checks? That’s where DMARC enters the picture. As you will see later on in this article, DKIM, SPF, and DMARC are connected, so all three of them should be an integral part of your email security strategy.
In short, DMARC builds on the DKIM and SPF results to protect against direct domain spoofing. For SPF, DMARC matches the domain name of the envelope sender with the domain name of the header sender (the visible From address). For DKIM, DMARC matches the domain name of the header sender with the signing domain (the d= tag) in the DKIM signature. This part of the DMARC process is called alignment. Simply put, DMARC aligns the domain names as a way to verify authenticity. Alignment can be strict (whole domain names must be identical) or relaxed (only the organizational domains have to match).
A message is considered legitimate if it passes either the initial DKIM authentication and succeeding alignment, or the initial SPF authentication and succeeding alignment. If the message fails both checks, it is considered a fraudulent message. DMARC allows legitimate senders to tell email providers to either completely block a fraudulent message from reaching any part of the recipients’ inboxes, or accept it but send it straight to the recipients’ spam folder. Senders can also choose not to do anything and just go into monitoring mode. Some choose this option to give them the opportunity to study the activity of fraudulent messages using their brand. If your organization is prone to being spoofed by spammers, having DMARC enabled is a good idea because it lets you dictate what happens to messages pretending to come from your organization.
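The alignment and policy rules described in the last two paragraphs, written out as an added example (this is not code from the original post or from any Paubox product). It parses a published DMARC TXT record, applies strict or relaxed identifier alignment to the SPF and DKIM results, and returns the disposition the policy asks for. The organizational-domain lookup uses a tiny constructed suffix list standing in for the real Public Suffix List, and the `pct`, `sp` and report tags are parsed but not acted on; those are simplifications of this example, not of DMARC itself.

```python
"""Toy DMARC evaluator: record parsing, identifier alignment and disposition.

Constructed for illustration; a real receiver uses the Public Suffix List
and honours pct=, sp= and the reporting tags, which this example ignores.
"""

# Constructed stand-in for the Public Suffix List (assumption for this example).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Registrable domain, e.g. mail.example.co.uk -> example.co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        # The first public suffix found, plus the label before it, is the org domain.
        if suffix in PUBLIC_SUFFIXES and i > 0:
            return ".".join(labels[i - 1:])
    return domain.lower()


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a dict.

    Defaults follow RFC 7489: relaxed alignment for both identifiers, p=none.
    """
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' needs an exact match, 'r' only org domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(record: str, header_from: str,
                   spf_result: str, spf_domain: str,
                   dkim_result: str, dkim_domain: str) -> dict:
    """Combine raw SPF/DKIM results with alignment and the published policy.

    spf_domain is the envelope sender (MAIL FROM) domain; dkim_domain is the
    d= value of the signature that produced dkim_result.
    """
    policy = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, header_from, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, header_from, policy["adkim"])
    # DMARC passes if either authenticated identifier is aligned with the From domain.
    dmarc_pass = spf_ok or dkim_ok
    # On a pass the message is delivered normally; on a fail the p= tag decides.
    disposition = "none" if dmarc_pass else policy["p"]
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if dmarc_pass else "fail", "disposition": disposition}


if __name__ == "__main__":
    # Constructed record and message results for a quick demonstration.
    record = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    print(evaluate_dmarc(record, "example.com", "pass", "bounce.example.com", "none", ""))
    print(evaluate_dmarc(record, "example.com", "pass", "attacker.net", "fail", "attacker.net"))
    print(evaluate_dmarc(record, "example.com", "none", "", "pass", "mail.example.com"))
```

The third demo case is the one worth noticing: a valid DKIM signature from `mail.example.com` still fails under `adkim=s`, so a domain that signs from subdomains should publish relaxed alignment or sign with the organizational domain before moving to `p=reject`.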
The other aspect of DMARC is reporting. When DMARC is enabled, senders receive aggregate reports about the messages that went through the DMARC evaluation, as well as their pass/fail statuses. These reports don’t contain information about what’s in the messages, but they do carry something more important, and that’s information about who sent the messages. The data in the reports can help you catch the perpetrators behind fraudulent messages using your organization’s brand.
DMARC rounds out the currently available methods for email authentication, along with DKIM and SPF. The good news is that Paubox Email Suite Plus can perform all three as part of the hundreds of checks it makes against incoming emails. But we know how fast spammers’ tactics evolve, so your inbox can never be too safe. As previously mentioned in other posts, there are ways to get around DKIM and SPF, which makes it possible to bypass DMARC, too. For added protection, your inbox needs the advanced threat detection features Paubox Email Suite Plus offers, like ExecProtect, which stops display name spoofing attacks from reaching users. You can see ExecProtect in action for yourself with a free 14-day trial.