Blog DMARC: Everything you should know and how to set it up

DMARC: Everything you should know and how to set it up

1 November 20191 November 2019| aoaassociates-online.preview-domain.comaoaassociates-online.preview-domain.com| 0 Comment| 13:16
Categories:

[su_youtube url=”https://www.youtube.com/watch?v=JSwnh9aww0E”]nnIn this article, we will explain the following:n

    n

  1. What is DMARC?

    2. n

  2. Why is DMARC important?

    3. n

  3. How does DMARC work, briefly, and in non-technical terms?

    4. n

  4. How does DMARC work (detailed)?

    5. n

  5. Why some ESPs reject/quarantine emails if DMARC is not set up?

    6. n

  6. How to create and verify a DMARC record on the platform?

    7. n

nnWhat is DMARC:nnDMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.nnnWhy is DMARC important?nnWith the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.nnUsers can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.nnDMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.nnnHow does DMARC work, briefly, and in non-technical terms?nnA DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.nnnHow does DMARC work (detailed)?nnnnMore detailed explanation can be found here.nnnWhy some ESPs reject/quarantine emails if DMARC is not set up?nnLarge scale email receivers, such as Yahoo, Comcast, AOL and many more are increasingly requiring that email messages be properly authenticated, and when they say properly authenticated it means in a DMARC-compliant way.nWhen DMARC is not verified, some ESPs automatically reject or quarantine the email.nMost of the time, the quarantine emails, meaning they send them to SPAM.n

Source: DMARC.org

nnHow to create and verify a DMARC record on the platform?nnFor your convenience, the platform has a built-in DMARC policy check and generator.nnTo check and create a DMARC policy, go to Settings > Domain Sender Verification, add your Sending Domain and click on Generate:nnnnOnce you click on the Generate button, the system will create a default record for your convenience. You can edit this record by clicking the Edit icon.nnnnThe changes that you make to “DMARC policy type”, “Email analysis percentage”, “Email aggregate DMARC reports to”, and “Email forensic DMARC failure reports to” will be reflected in the Value:nnDMARC policy types:nThere are three types of policies: None, Quarantine, and Reject.n

    n

  • None: The mailbox provider won’t take action for emails that fail DMARC.

    • n

  • Quarantine: This will make the mailbox providers treat all emails that fail DMARC as suspicious. Quarantining an email delivers it into an area outside of the inbox, such as the spam or junk folder.

    • n

  • Reject: The mailbox providers will reject all emails that fail DMARC.

    • n

nEmail analysis percentage: The percentage of emails that will be checked.nnEmail aggregate DMARC reports to: The aggregate DMARC reports contain information about the authentication status of messages sent on behalf of a domain.nnEmail forensic DMARC failure reports to: A forensic report is essentially a copy of the email that failed DMARC validation and is typically sent immediately after the failure.nnnnOnce you finish, click on the value to copy it to your clipboard:nnnnOnce you finish, add the entry to your DNS record and click Verify.nnHere’s an example:nnnnDepending on the DNS server, changes might take anywhere from a few minutes to 24 hours to reflect.nIf the verify does not work after that time, please contact support for further assistance.nn n

[lore_button label=”Get Started” link=”app.aoaassociates.com/Login” size=”regular” style=”default”]

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

ZapierZapier

Zapier is an online automation tool that connects different apps together, and you can use it as well with your Symphony, by AOA account. Once you signup for an account on

Read MoreRead More