The InterNetX Blog provides you with news and background information on innovations concerning domains, servers, SSL and other industry-related topics.

DMARC | protect your brand against email spoofing

DMARC is a prerequisite for acquiring a Verified Mark Certificate (VMC). Alongside SPF and DKIM, DMARC is an additional security feature for email communication. But what does DMARC do and does it offer advantages for brand protection? Who can use it? And how does one implement a DMARC entry?

Sicher vor E-Mail Spoofing mit DMARC

What does DMARC mean and what does it do? DMARC stands for “Domain-based Message Authentication, Reporting and Conformance”. It was jointly designed by Microsoft, Google, PayPal and Yahoo.

An SPF record determines which IP address an email from a domain may be sent from and DKIM ensures that the email is unchanged. DMARC is used to regulate how emails are handled that do not fulfill either of these requirements (SPF or DKIM). Companies can define their own specifications with DMARC – something that could previously only be defined by the provider (SPF/DKIM). This ensures an established verification of emails and their authenticity. The only prerequisite is that the receiving mailbox provider has implemented and performs this verification. The IETF has already submitted DMARC for standardization. The relevant RCF can be read in RCF 7489.

Does using DMARC hold any advantages for companies?

With DMARC, companies can complete the authorization chain for email delivery and monitor  irregularities. Over and above this, there are a number of further advantages that this scalable mechanism for emails offers:

  1. Security
    An optional reporting feature allows the visualization of domain abuse cases for the first time, greatly assisting the monitoring of company reputation and delivery trends.
  2. Transparency and control
    DMARC creates transparency and enables control over all email channels.
  3. Increased deliverability
    With DMARC, transmission is improved by verifying the email and sender. In addition, the command sequence on delivery is optimized with further instructions.
  4. Brand protection
    DMARC prevents email phishing attacks and protects the company brand against such abuse.

With the implementation of DMARC, companies can benefit from four key advantages, as explained by DigiCert.

Who can use DMARC?

In principle, the use of DMARC is available to all domain owners, on the condition that the responsible ISP supports DMARC. The administrator of the receiving mailbox must also support DMARC. An SPF and DKIM record are respectively required in order to create a DMARC record.

Code signing authenticates and verifies software applications. We explain the technology behind digital certificates and present the best practice for digitally signing your applications.

How is DMARC implemented?

The implementation of DMARC mainly takes place via a TXT record in the domain zone. Let’s take a step-by-step look at the process.

  • Decide whether DMARC should be used for the email traffic going over the main domain or over one of its subdomains. To protect your brand optimally, we recommend using the primary domain.
  • Make sure that the essential “DMARC Identifier Alignments” or “Domain Alignments” (SPF and DKIM) have already been implemented in the target domain. If necessary, set these up first. With regard to SPF and DKIM records, take into account any additional email channels, such as email via another email service provider or via your own infrastructure. This is important to avoid DMARC unintentionally blocking these channels.
  • Set up an email address to receive the DMARC reports.
  • Create the TXT record in the domain zone. An example of this is:
_dmarc TTL IN TXT  "v=DMARC1;p=policy;pct=100;”

More detailed explanations of the respective specifications can be found on the official DMARC page.

Why domain experts use AutoDNS

You can easily create resource records like DMARC for your entire domain portfolio via AutoDNS, the domain platform developed by InterNetX. Related products like TLS/SSL or S/MIME certificates and name servers can also be managed in AutoDNS. Speak to our Partner Managers for more information about our products and solutions.