Understanding Domain-Based Message Authentication
DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on two earlier email authentication mechanisms: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). DMARC adds domain alignment to these two checks and publishes a policy that tells the receiving server what action to take if a message is found to be non-compliant.
SPF works by allowing domain owners to specify which mail servers are authorised to send email on behalf of their domain. When a message arrives, the receiving server checks that the sending server is included in the authorised list published for the sending domain. DKIM, by contrast, uses cryptographic signatures to verify the authenticity and integrity of a message: a valid signature shows that the email has not been tampered with in transit and that it genuinely originates from the claimed domain.
Alignment means that the domain in the visible “From” address of an email and the domain authenticated through SPF or DKIM are the same. For an email to be DMARC compliant, only one of SPF or DKIM needs to align with the domain in the “From” address. There is, however, value in an email source being aligned for both SPF and DKIM, because it increases the trust in the source of the email and therefore improves its deliverability. This article provides some examples of DMARC alignment.
DMARC Policies and Alignment
The first step in achieving DMARC compliance is publishing a DMARC record with a policy of “none” to begin gathering reports about your email. The reports will tell you who is sending from your domain, the DMARC compliance of that email for both SPF and DKIM, what the DMARC capabilities of your email sources are, how many emails are being forwarded on to other email addresses and, very importantly, who is sending email on your behalf without being authorised to do so.
For most organisations, the effort of achieving DMARC compliance is linked to the number of email sources they have and the number of teams that own the relationships with those sources. Every one of those email sources must be compliant before the ultimate goal of DMARC, an enforcement policy of “reject”, can be implemented.
This all relies on alignment: DMARC compliance means alignment.
Why DMARC is More Important Than Ever
The recent announcements by Google and Yahoo, requiring DMARC compliance from all senders of more than 5,000 emails per day, are expected to give DMARC implementation a significant boost as organisations scramble to ensure that their email sources are DMARC compliant.
There will be marketing departments everywhere suddenly very interested in DMARC to ensure that their emails get through to their customers. When you consider that as of May 2022 only 38% of Australia’s top 100 companies had a policy of “reject” or “quarantine” and 62% had a policy of “none” or no DMARC record at all, I can imagine that the scrambling is going to be quite frantic over the coming months.
Figure 1: DMARC Adoption among Australia’s Top 100 Companies
How Spartans Security Can Help
Spartans Security operates an affordable managed service that enables us to provide monthly reporting on your DMARC compliance. The monthly reporting gives you a summary of your monthly email, detailing:
· List of DMARC compliance issues and links to documentation on how to resolve them.
· Emails sent by your DMARC capable email sources.
· Emails forwarded to other email addresses.
· Emails that have been sent by hackers impersonating your domain.
Looking for cyber security advice and guidance? Then feel free to reach out to us at info@spartanssec.com. Our dedicated experts look forward to assisting you with robust solutions tailored to your organisation's needs.