Leveraging the Power of Email Authentication – Part 1: What is DMARC?

Share Button

This article is Part 1 of our “Leveraging the Power of Email Authentication” series. Read Part 2: Using DKIM to Enable DMARC and Part 3: Implementing DKIM.

A business can ensure its email is accurately delivered to inboxes around the world and reject the delivery of phishing.

The DMARC email authentication protocol stands for Domain-based Message Authentication, Reporting and Conformance. It is a technical specification designed to increase the delivery of trustworthy emails from legitimate senders and provide companies with higher visibility into their email channel. Microsoft, Gmail and other email providers are asking businesses for roughly three sentences of information to achieve results. The following article examines how the DMARC protocol will enable a business to control the delivery of email. Subsequent articles in this series describe the supporting standards – SPF and DKIM.

Without DMARC, Email Delivery Can Be a Lottery

Email providers struggle to accurately determine if an inbound email that says it’s from yourBusiness.com is fraud or legitimate. When Gmail, Microsoft and others do their best to block phishing, sometimes our valid email is mistakenly classified as spam. Unfortunately, email abusers have the same deliverability and can send spear phishing email to CEOs that successfully lands in an inbox. If email hosts could authenticate email from yourBusiness.com, then these scenarios of email deliverability and phishing would not be a problem.

Email Without DMARC:
Email providers like Google and Microsoft struggle to identify legitimate email vs. phishing attacks, so most mail is delivered to the end user.


DMARC Empowers Companies

The DMARC email protocol enables a domain owner to communicate with email receivers and authenticate email before it is placed in an inbox. This collaborative email authentication process enables businesses to stop phishing in real time. Furthermore, a company receives reports from the email receivers that contain inbox placement rates, identification of fraudulent email senders, and many other attributes of corporate email traffic.


Email with DMARC:
With DMARC, mail receivers verify each email with the business. Also, the email receiver provides a number of email reports to the business.

With DMARC a Company Can:

  • Eliminate email phishing to all receivers including customers, employees and business partners
  • Increase marketing campaign deliverability
  • Receive reports from email providers regarding all email claiming to be from yourBusiness.com
  • Review emails failing DMARC for any phishing websites or malware

Email authentication experts are able to implement a DMARC policy within a day. The first policy is called “monitoring mode,” where email traffic is not altered, but a company can start reviewing deliverability reports from email receivers. After implementing a simple DMARC policy to monitor email traffic, the next step is to enable DKIM and SPF protocols to establish email authentication, stop phishing, and increase deliverability of valid corporate email.

We will explore the next steps as part of our “Leveraging the Power of Email Authentication” series. Read Part 2 and Part 3.

Related Posts

Fraud in the Time of Coronavirus As the world grapples with the Coronavirus pandemic, self-isolation and stay-at-home-orders have increasingly become the norm.
Coronavirus and Cyberattacks: Tips to Keep your Customers Secure Fraud attacks are now on the rise, with malicious actors launching targeted phishing and malware attacks, capitalizing on the Coronavirus pandemic. Having a strong cybersecurity strategy in place has never been more critical.  

Leave a Reply

Your email address will not be published. Required fields are marked *