DMARC Authentication

DMARC authentication (Domain Message Authentication Reporting and Conformance) is a relatively new authentication standard that was established to block domain spoofing, in which an attacker uses your company's domain to impersonate someone working for the company.

DMARC includes two main components:

1. Reporting

   First, DMARC-enabled mail systems generate reports on all systems being used to send email from your domain. A DMARC reporting solution can help you both to set up a DMARC subdomain on your DNS record, and analyze these reports to determine which email senders are legitimate, and which appear illegitimate. You can then use these insights to configure the email authentication policies (DKIM and SPF) on all of your mail systems so that legitimate senders are recognized as such.

2. Screening

   Second, after you are confident that your legitimate mail systems correctly pass DMARC authentication, DMARC’s enforcement capability provides a mechanism to automatically reject emails that are not sent from your legitimate mail systems. This effectively prevents an attacker from spoofing your domain.

More than ninety-six percent of businesses have experienced domain spoofing, intended either to trick company employees, customers, or partners into sending sensitive information or transferring funds. Attackers may also spoof your domain in order to launch spam campaigns.

DMARC authentication can help prevent all forms of domain spoofing. It is required for all US government agencies and contractors (see requirement), and a growing number of countries, including the United Kingdom and Germany, have made it mandatory for all public institutions.

User training can help reduce your organization’s vulnerability to domain spoofing, but DMARC adds a strong layer of defense to keep domain-spoofing attempts from ever hitting your inboxes.

Domain Fraud Protection is a 100% cloud-delivered service that provides a comprehensive and intuitive solution for DMARC authentication. It gives you a simple three-step wizard to set up your DMARC record, and provides continuous visualization and monitoring of both legitimate email systems and domain-spoofing attempts. Domain Fraud Protection lets you drill down into specific mail systems, and even into specific email samples. This gives you visibility into all the mail systems in use in your organization, and helps you understand where domain-spoofing attacks are coming from.