Would you like to know what DMARC is and how it works? This article provides the answer to these and other frequently asked questions on DMARC.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting and Conformance and is a method for protecting e-mail traffic. Unfortunately, scammers often send fake e-mails that appear to come from a trusted sender in an attempt to gain access to confidential data or spread malware. This type of scam is also referred to as phishing.
With DMARC, domain owners can set policies that instruct recipient mail servers on how to handle e-mails that do not actually originate from their domain. This makes it harder to deliver fraudulent e-mails and increases e-mail security.
How does DMARC work?
DMARC relies on two technologies, namely SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail):
- SPF defines which mail servers are authorized to send e-mails for a specific domain.
- DKIM is used to check whether e-mail content has been tampered with.
By implementing DMARC, domain owners can specify how e-mails that fail the SPF and DKIM checks should be handled. DMARC therefore requires valid SPF and DKIM records. Depending on the configured DMARC policy, e-mails that fail the checks can either be rejected by the recipient’s mail server, sent to the spam folder or delivered anyway.
What are the benefits of DMARC?
DMARC offers the following benefits:
- Protection against e-mail fraud: DMARC helps to prevent e-mail spoofing, a tactic used by scammers to send fake e-mails that appear to come from your domain.
- Improved e-mail deliverability: By implementing DMARC, your e-mails are less likely to end up in the recipient’s spam folder.
- Trustworthiness of your domain: By using DMARC, you are demonstrating to the outside world that you adhere to security standards and protect your data. This can increase the trustworthiness of your domain.
Overall, DMARC therefore helps increase the security and integrity of your e-mail communication.
Some major providers (such as Google and Yahoo) even require senders to use DMARC if they want to send bulk mail to customers.
What is a DMARC policy?
A DMARC policy defines what should be done with e-mails that fail the SPF and DKIM checks. Communicated via the DNS zone of the sender domain, the policy therefore instructs recipient mail servers on how to handle such messages.
There are three policies to choose from:
- None: The e-mails are delivered as usual and displayed in the recipient’s inbox, regardless of the result. This option is not available at Hostpoint.
- Quarantine: The e-mails should be accepted by the recipient’s mail server, but sent to the spam/junk folder.
- Reject: The e-mails should be rejected by the recipient’s mail server and should not be delivered. Senders are generally notified of delivery failures.
At Hostpoint, the “Quarantine” policy is configured by default.
The policy can be changed in the Hostpoint Control Panel under “Domains” > “Edit” > “E-mail security” > “DMARC policy”.
How is a DMARC record structured?
When DMARC is enabled, a DMARC record is automatically added to your DNS zone. Unlike other records, this cannot be edited in the DNS editor.
A DMARC record is structured as follows:
_dmarc.your-own-domain.ch 300 IN TXT "v=DMARC1;p=quarantine;"
Element | Example | Explanation |
---|---|---|
Name | _dmarc.your-own-domain.ch | The name matches the following pattern: _dmarc.[domain] |
TTL | 300 | The TTL (time to live) defines how long a DNS record is cached. |
Class | IN | Internet |
Type | TXT | DMARC information is stored in a text record (abbreviation “TXT”). |
Value | "v=DMARC1;p=quarantine;" | The actual DMARC policy: |
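The following Python example is an addition to this article, not Hostpoint code. It splits the record line shown above into the elements from the table, validates the policy value, and returns how a recipient mail server would handle a message. The function names and the action labels are hypothetical, and the two boolean inputs are assumed to be the SPF and DKIM results for the sender domain that the recipient server has already computed; DMARC counts a message as failed only when neither check passes.

```python
# Added example: parse the DMARC record from this article and apply its policy.
import re

ACTIONS = {  # handling per policy as described above; the labels are illustrative
    "none": "deliver",
    "quarantine": "spam-folder",
    "reject": "reject",
}

def parse_tags(value):
    """Parse 'v=DMARC1;p=quarantine;' into a dict and validate v and p."""
    pairs = [part.split("=", 1) for part in value.split(";") if part.strip()]
    if any(len(p) != 2 for p in pairs):
        raise ValueError("every tag must have the form tag=value")
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    result = dict(tags)
    if result.get("p", "").lower() not in ACTIONS:
        raise ValueError("p must be none, quarantine or reject")
    result["p"] = result["p"].lower()
    return result

def parse_zone_line(line):
    """Split 'name TTL class type "value"' into the elements from the table."""
    m = re.fullmatch(r'\s*(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+"([^"]*)"\s*', line)
    if not m:
        raise ValueError("expected: name TTL class type \"value\"")
    name, ttl, rclass, rtype, value = m.groups()
    if not name.lower().startswith("_dmarc."):
        raise ValueError("DMARC records are published at _dmarc.[domain]")
    if rclass.upper() != "IN" or rtype.upper() != "TXT":
        raise ValueError("DMARC is published as an IN TXT record")
    domain = name[len("_dmarc."):].rstrip(".")
    return {"domain": domain, "ttl": int(ttl), "tags": parse_tags(value)}

def disposition(record, spf_aligned_pass, dkim_aligned_pass):
    """Deliver if SPF or DKIM passed for the sender domain; otherwise apply p."""
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"
    return ACTIONS[record["tags"]["p"]]

if __name__ == "__main__":
    rec = parse_zone_line('_dmarc.your-own-domain.ch 300 IN TXT "v=DMARC1;p=quarantine;"')
    print(rec, disposition(rec, False, False))
```
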
How do I activate DMARC for my domain?
DMARC will be activated automatically for domains assigned to a web hosting or Cloud Office group from August 2024. In all other cases, DMARC must be activated manually. Find out how this works in the guide to activating DMARC.