Leveraging the Power of Email Authentication – Part 1: What is DMARC?


This article is Part 1 of our “Leveraging the Power of Email Authentication” series. Read Part 2: Using DKIM to Enable DMARC and Part 3: Implementing DKIM.

A business can ensure its email is accurately delivered to inboxes around the world and have phishing email rejected before delivery.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email authentication protocol, a technical specification designed to increase the delivery of trustworthy email from legitimate senders and give companies greater visibility into their email channel. Microsoft, Gmail and other email providers are asking businesses for roughly three sentences of information to achieve results. This article examines how the DMARC protocol enables a business to control the delivery of its email. Subsequent articles in this series describe the supporting standards – SPF and DKIM.

Without DMARC, Email Delivery Can Be a Lottery

Email providers struggle to accurately determine whether an inbound email that says it’s from yourBusiness.com is fraudulent or legitimate. When Gmail, Microsoft and others do their best to block phishing, valid email is sometimes mistakenly classified as spam. Unfortunately, email abusers benefit from the same deliverability and can send spear-phishing email to CEOs that successfully lands in an inbox. If email hosts could authenticate email from yourBusiness.com, these deliverability and phishing problems would not arise.

Email Without DMARC:
Email providers like Google and Microsoft struggle to identify legitimate email vs. phishing attacks, so most mail is delivered to the end user.


DMARC Empowers Companies

The DMARC email protocol enables a domain owner to communicate with email receivers and authenticate email before it is placed in an inbox. This collaborative email authentication process enables businesses to stop phishing in real time. Furthermore, a company receives reports from the email receivers that contain inbox placement rates, identification of fraudulent email senders, and many other attributes of corporate email traffic.


Email with DMARC:
With DMARC, mail receivers verify each email with the business. Also, the email receiver provides a number of email reports to the business.

With DMARC a Company Can:

  • Eliminate email phishing to all receivers including customers, employees and business partners
  • Increase marketing campaign deliverability
  • Receive reports from email providers regarding all email claiming to be from yourBusiness.com
  • Review emails failing DMARC for any phishing websites or malware

Email authentication experts are able to implement a DMARC policy within a day. The first policy is called “monitoring mode,” where email traffic is not altered, but a company can start reviewing deliverability reports from email receivers. After implementing a simple DMARC policy to monitor email traffic, the next step is to enable DKIM and SPF protocols to establish email authentication, stop phishing, and increase deliverability of valid corporate email.
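As an added illustration (not code from the original article): a monitoring-mode policy is a DNS TXT record published at `_dmarc.<domain>` with `p=none` and a `rua` address for aggregate reports. The Python below parses such a record and reports its rollout stage; the tag names follow RFC 7489, while the function names, stage labels and example.com records are constructed for this example.

```python
# Added example: classify a DMARC TXT record by rollout stage (tags per RFC 7489).
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; raise ValueError if malformed."""
    tags = {}
    parts = [p.strip() for p in record.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name or not value:
            raise ValueError(f"malformed tag: {part!r}")
        # The version tag must come first and match exactly.
        if i == 0 and (name, value) != ("v", "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags.setdefault(name, value)
    # Linter stance: require an explicit, valid policy tag.
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or unknown p= policy")
    return tags


def rollout_stage(record: str) -> str:
    """Return 'invalid', 'monitoring', 'monitoring-blind' or 'enforcing'."""
    try:
        tags = parse_dmarc(record)
    except ValueError:
        return "invalid"
    # rua lists the addresses that receive aggregate reports; mailto: is checked here.
    has_reports = any(uri.strip().lower().startswith("mailto:")
                      for uri in tags.get("rua", "").split(","))
    if tags["p"].lower() == "none":
        # p=none leaves mail flow untouched; without rua there is nothing to review.
        return "monitoring" if has_reports else "monitoring-blind"
    return "enforcing"


# Constructed sample records for the placeholder domain example.com.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=none",
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    "p=none; v=DMARC1",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{rollout_stage(rec):17} {rec}")
```

A record that returns `monitoring-blind` is syntactically valid but defeats the purpose of monitoring mode, because no receiver knows where to send reports.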

We will explore the next steps as part of our “Leveraging the Power of Email Authentication” series. Read Part 2 and Part 3.
