The Domain Based Message Authentication Reporting (DMARC) security email protocol leverages DNS and uses the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) open protocols to verify email senders.
If a DMARC record check detects a misalignment between an email sender and the address as it appears to the recipient of the email, DMARC activates an administered protocol that tells the receiving server to accept the message, quarantine it, or reject it based on policy the sender defines.
As part of the validation process, DMARC gives the sender reports on who is attempting to use their domain to send messages. This visibility allows the sender to fine-tune their policy as new threats emerge. In this way, DMARC helps companies establish brand trust by reducing the threat of nonvalidated or fraudulent email.
Email was introduced as a way of sharing information between two known senders through an open network. It was typically from one trusted institution directly to another, so authentication didn’t seem necessary.
Today, email is open to vulnerability. Attackers impersonate both senders and domains to launch attacks such as spam and phishing that compromise business email. Successful breaches create some of the most serious and time-consuming challenges for IT security. But worse, they result in a loss of trust in email.
For years, the most common standards to defend networks against these attacks were SPF and DKIM. Both helped servers identify the validity of a sender, but they did not allow the sender to define what would happen if the sender was not found to be valid, which prevented domain owners from controlling the use of their brand.
Start by going into your DNS record and configuring your DKIM signing entity and SPF record for the IP addresses that have permission to email on your behalf.
Next, define your DMARC policy with a “monitor” action. Then simply review your DMARC reports to see who is passing the SPF, DKIM, and DMARC standards. Once you know who the approved senders are, you can bring them into compliance.
Periodically perform a comprehensive analysis of the messages to your receivers that are failing their DMARC authentication, and set a policy to quarantine or reject them.
At Cisco we believe in security above everything. We can help provide unparalleled visibility and workflow management into how to bring your email into DMARC compliance. We even can host the DNS records on your behalf.
Detect fraudulent senders with threat intelligence that adapts in real time to block business email compromise (BEC) and advanced phishing attacks.
Prevent attackers from using your company’s domain to carry out their phishing campaigns.