Email is the most pervasive and widely used communication tool in the business world, and also the most vulnerable to cyberattacks.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to help organizations protect their email domains from unauthorized use, such as email spoofing and phishing attacks. It provides a way for email receivers to verify that incoming emails are coming from authorized sources, ensuring a more secure email ecosystem. In this blog, we will delve into how DMARC works with subdomains and the use of the DMARC “sp” tag.
DMARC is built on two existing email authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), which authenticate the source of an email message. DMARC takes these authentication results and gives email receivers a mechanism for deciding the disposition of a message, based on policies specified by the domain owner. These policies can be set to monitor, quarantine or reject an email that fails authentication checks.
Subdomains in DMARC
Organisations frequently use subdomains to separate services or departments. Subdomains can, however, be a source of confusion for email authentication. The “Subdomain Policy” or “sp” tag in DMARC enables domain owners to designate how DMARC should process emails from subdomains.
The “sp” tag can have three values:
- “none” – this means that DMARC is not applied to the subdomain, and the authentication checks only apply to the domain itself.
- “quarantine” – this means that DMARC applies to the subdomain, and if an email fails authentication checks, it should be quarantined or sent to the spam folder.
- “reject” – this means that DMARC applies to the subdomain, and if an email fails authentication checks, it should be rejected or not delivered.
Why Use DMARC with Subdomains?
Organizations must use email authentication to combat email spoofing and phishing attacks. DMARC with subdomains helps domain owners prevent attackers from exploiting their organization’s subdomains. It ensures that any email sent from subdomains is authorised, and it helps prevent unauthorised senders from sending messages that seem to come from a subdomain.
Consider an organisation with the subdomain “hr.example.com.” If DMARC is not applied to the subdomain, there are no sufficient authentication checks, and an attacker might send an email that appears to come from the subdomain, such as “hr@example.com.” DMARC with subdomains can help prevent this sort of attack by ensuring that only authorised senders can send email messages from the subdomain.
How DMARC Works with Subdomains
DMARC with subdomains works by allowing domain owners to specify how DMARC policies should be applied to emails coming from subdomains. The “sp” tag is used to set the subdomain policy, which can be set to none, quarantine, or reject.
When an email is received, DMARC first checks if there is a DMARC policy for the subdomain. If there is no policy, it falls back to the DMARC policy for the domain itself. If there is a policy, DMARC applies the policy based on the “sp” tag value specified in the policy.
For example, if the DMARC policy for the domain is set to “reject” and the “sp” tag for the subdomain is set to “none,” DMARC will reject any emails that fail authentication checks from the domain but will not apply DMARC to emails from the subdomain. If the “sp” tag for the subdomain is set to “quarantine,” DMARC will quarantine any emails that fail authentication checks from the subdomain, but will still reject emails that fail authentication checks from the domain.
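The lookup order described above, as an added example (not code from the original post) that follows the policy discovery rules of RFC 7489: a record published at the exact From: domain is used first; otherwise the organizational domain's record applies, with “sp” governing subdomains and “p” used when “sp” is absent. The DNS data is a constructed dictionary, and the names `parse_dmarc`, `effective_policy` and the caller-supplied `org_domain` are assumptions of this example.

```python
# Constructed TXT records standing in for DNS lookups (sample data, not real zones).
SAMPLE_DNS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine",
    "_dmarc.billing.example.com": "v=DMARC1; p=none",
    "_dmarc.example.org": "v=DMARC1; p=reject",
}
POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    if txt is None or not txt.strip().startswith("v=DMARC1"):
        return None
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    # Simplification: a record with a missing or invalid p/sp value is ignored.
    if tags.get("p") not in POLICIES or tags.get("sp", "none") not in POLICIES:
        return None
    return tags


def effective_policy(from_domain, org_domain, dns=SAMPLE_DNS):
    """Return (policy, record_name, tag) for the From: domain, or None if no policy exists.

    org_domain is supplied by the caller here (an assumption of this example);
    real receivers derive it from the From: domain with a public suffix list.
    """
    # Step 1: a record published at the exact From: domain wins, and its p= applies.
    name = "_dmarc." + from_domain.lower()
    tags = parse_dmarc(dns.get(name))
    if tags:
        return tags["p"], name, "p"
    # Step 2: otherwise fall back to the organizational domain's record.
    if from_domain.lower() != org_domain.lower():
        name = "_dmarc." + org_domain.lower()
        tags = parse_dmarc(dns.get(name))
        if tags:
            # sp= governs subdomains; when it is absent they inherit p=.
            return (tags["sp"], name, "sp") if "sp" in tags else (tags["p"], name, "p")
    return None
```

Running it against a list of your own subdomains shows which record and which tag actually decides the disposition for each one, which is the quickest way to spot a subdomain whose own record weakens the policy published at the parent.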
Best Practices for DMARC and Subdomains
Email has grown into a key target for fraudsters in the modern era of electronic communication. As a result, it is vital that both people and companies take the required precautions to safeguard their email systems.
To ensure the best protection against email spoofing and phishing attacks, domain owners should follow some best practices when using DMARC with subdomains. Here are some best practices to consider:
- Implement DMARC at the top-level domain – DMARC policies should be implemented at the top-level (organizational) domain, such as example.com, instead of individual subdomains. This ensures that all subdomains inherit the same DMARC policy, and there is consistent email authentication across the organization.
- Set a DMARC policy for all subdomains – Even if a subdomain is not used for sending email, it is recommended to set a DMARC policy with the “sp” tag set to “none” to ensure that there is no confusion about the use of the subdomain for email purposes.
- Monitor DMARC reports for subdomains – Regular monitoring of DMARC reports can help identify any email authentication issues with subdomains. It is essential to investigate any authentication failures and take corrective actions to prevent further attacks.
- Use separate DKIM keys for subdomains – Using separate DKIM keys for subdomains can provide additional security for email messages. It ensures that if an attacker obtains the DKIM key for a subdomain, they cannot use it to sign messages from the domain itself.
Email has abilities that many channels don’t: creating valuable, personal touches – at scale. And keeping that safe is your responsibility.
DMARC with subdomains provides additional security for organizations by ensuring that only authorized senders can use subdomains for sending email messages. The use of the “sp” tag allows domain owners to specify how DMARC policies should be applied to emails coming from subdomains. Implementing DMARC with subdomains and following best practices can help prevent email spoofing and phishing attacks, providing a more secure email ecosystem.