DMARC Overview

Welcome to the DMARC documentation section. Here you'll find comprehensive information about DMARC, a protocol that enables domain owners to control, authenticate, and monitor email sent on their behalf.

What is DMARC?

DMARC lets a domain owner decide which email infrastructure is allowed to send on their behalf, and provides reporting on which email infrastructure is sending on their behalf. DMARC therefore grants the domain owner control over, and visibility into, how their domain is used for email.

How Does DMARC work?

DMARC works by adding a special TXT record to the DNS (Domain Name System) of the email domain, which specifies how the domain owner wants the receivers to handle the messages that claim to come from that domain. The TXT record contains a set of tags and values that define the DMARC policy, such as the alignment mode, the percentage of messages to apply the policy to, the reporting options, and the desired actions for failed messages.

When a receiver gets an email from a domain that has a DMARC record, it first checks whether the message passes SPF and has a valid DKIM signature, and then compares the domains used in those checks with the domain in the From header of the message. If the domains match, or align, according to the DMARC policy, the message passes the authentication. If not, the message fails the authentication and the receiver follows the action specified by the DMARC policy, such as reject, quarantine, or none.
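
The receiver-side check described above, as an added example that is not part of the original documentation. The record, the domains and the function names are constructed for illustration. It assumes the organizational domain is the last two labels (real receivers use the Public Suffix List) and follows the RFC 7489 rule that one passing, aligned mechanism is enough.

```python
# Added example: evaluate a DMARC record against one message's SPF/DKIM results.
# The record, domains and function names are constructed for illustration.

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict with RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    # Alignment defaults to relaxed; pct defaults to 100 (sampling is not applied here).
    for key, default in (("adkim", "r"), ("aspf", "r"), ("pct", "100")):
        tags.setdefault(key, default)
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the action (none/quarantine/reject) the domain owner requested."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags["adkim"])
    # RFC 7489: the message passes DMARC if at least one mechanism passes and aligns.
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed sample record: strict DKIM alignment, relaxed SPF alignment.
RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=r; pct=100; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Subdomain sender: SPF aligns in relaxed mode even though DKIM fails strict mode.
    print(evaluate(RECORD, "example.com", True, "bounce.example.com", True, "mail.example.com"))
    # SPF passes, but for an unrelated domain, so nothing aligns with the From header.
    print(evaluate(RECORD, "example.com", True, "unrelated.example.net", False, ""))
```
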

Why is DMARC Important?

DMARC is important because it helps email senders and receivers to improve the security and reliability of email communication. By using DMARC, senders can protect their domains from being used by malicious actors to send spam, phishing, or malware emails that can harm their reputation and their recipients. DMARC also gives senders more visibility and control over how their messages are handled by the receivers, and allows them to receive feedback and reports on the delivery and authentication status of their messages.

Receivers, on the other hand, can use DMARC to filter out or flag messages that fail the authentication checks, and reduce the risk of exposing their users to fraudulent or harmful emails. DMARC also helps receivers to trust the messages that pass the authentication, and deliver them to the intended recipients without delay or modification.

Limitations of DMARC

DMARC is not a perfect solution for email authentication and security, and it has some limitations that need to be considered. Some of the limitations are:

  • DMARC requires both the sender and the receiver to implement and support the protocol, otherwise it will not work. Not all email domains or providers have adopted DMARC, and some may have different or incompatible policies or configurations.

  • DMARC relies on SPF and DKIM to verify the sender and the message, but both of these protocols have their own limitations and challenges, such as IP address spoofing, key management, or forwarding issues.

  • DMARC does not encrypt or protect the content of the message, only the identity of the sender and the integrity of the message. Therefore, DMARC does not prevent the message from being intercepted, read, or modified by third parties during the transmission.

  • DMARC does not prevent the sender from using a different domain than the one they own or have permission to use, as long as they have a valid SPF and DKIM signature for that domain. Therefore, DMARC does not prevent the sender from using a legitimate or trusted domain to send malicious or deceptive emails.