Importance of DMARC despite having SPF and DKIM implemented:
DMARC has two major purposes:
- Gives you visibility of your outgoing emails by telling the recipient where to send aggregate or forensic reports of what happened when they received your email. The information in the reports includes where your email came from (IP), whether it was authorized by your SPF, and whether it carried the digital signature (DKIM). From this information, you can better understand your genuine outgoing email environment and improve your overall SPF and DKIM setup accordingly.
- Enables you to define your policy for the action you want the recipient to take on emails that do not pass SPF and DKIM checks.
How to Implement DMARC?
Configure DNS with the following DMARC TXT record for your domains:
v=DMARC1; p=none; rua=mailto:email@example.com
This means that DMARC is enabled with the policy set to ‘none’ and aggregate reports are mailed to the DMARC360 platform.
The generated reports can be analyzed on the DMARC360 platform, which helps you identify and authorize your genuine email sources and, as a result, eliminate email impersonation.
The second stage is to configure or enhance SPF and enable DKIM based on the information gathered in stage one. This stage may take a day to a week, depending on who manages your DNS records and what change management policy you have in place.
Once you have configured SPF and DKIM correctly, stage three is about moving the DMARC policy to quarantine. This is where you want the recipient to still accept your emails that do not conform to SPF and DKIM, but with caution. The purpose is to further ensure that you have not missed any scenarios of your genuine emails.
This stage may last from 2 to 8 weeks depending on the volume of your outgoing emails. Stage three ensures that the DMARC policy has no impact on your legitimate emails, enabling us to implement the reject policy in stage four with caution over a period of one to four weeks. This takes you to 100% DMARC compliance.