What is DMARC?
What is DMARC?
STOP HACKERS FROM SENDING EMAILS USING YOUR DOMAIN!
Everything you need to know about DMARC!
DMARC combines the widely used SPF and DKIM protocols to ensure that an email’s “From: ” field is authentic and if not, via DMARC it can be reported to the concerned bodies.
READ MORE
History of DMARC
Founded in 2012, DMARC standard was published to prevent email abuse that was not being taken care by SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) standards that had been in practice since 15 years. It was created by industry leaders like PayPal, Google, Microsoft and Yahoo.
DMARC works on the basis of SPF and DKIM and is originally developed as an email security protocol at the DNS level. Current DMARC adoption rate globally is low but its importance has led almost all governing authorities to make its implementation compulsory for member organisations. DMARC serves as a tool to prevent spoofing and increase email deliverability to gain the maximum ROI from an organisation’s most critical asset: Email.
How Does DMARC Help?
GLOBAL STATISTICS JUSTIFYING THE NEED FOR EMAIL AUTHENTICATION
Phishing attacks have risen by 350% during the COVID-19 Pandemic!
$600 million every year is scammed by Phishing attacks!
Globally 1 in 3 companies have been victims of CEO Fraud Email Scams!
DMARC has been adopted by the biggest email senders and email receivers globally. This includes Yahoo!, Google, and Microsoft, covering 85% of the consumer inboxes in the world.
The most important reason why DMARC should be used is that it gives an organisation full control on how their domain is being used. The organisation can also instruct the receivers on what actions should be taken if the incoming email is not legitimate and report the incident back to the organisation for further analysis.
It saves consumers from the trouble of identifying whether an email is legitimate or a spam. Sometimes it may happen that regardless of all the knowledge of email spoofing a receiver might fall into the trap. DMARC makes sure that this does not happen.
- Protection against phishing on your customers using your domains.
- Protection against Brand Abuse and targeted scams.
- Protection against ever rising Malware and Ransomware Attacks.
- Protection against Spear Phishing and CEO Frauds.
DMARC Architecture

Image Credit: Global Cyber Alliance
There have been other protocols and frameworks that focus on security of an email while in transit (S/MIME Encryption, SSL/TLS Handshakes & Digital Certificates etc.), but these, along with originally used SPF and DKIM protocols on the DNS, were not enough to stop someone from phishing with your domain!
What kind of reports are sent back if you implement DMARC?
Aggregate Reports
- Sent on a daily basis.
- Includes all IP addresses that were used to send emails using your domain.
- Includes SPF and DKIM status with details.
- Provides an overview of all email traffic.
Forensic Reports
- Real Time Reports.
- Only sent for DMARC failed emails.
- May contain Subject and Actual content of email.
- Includes original message headers.

AVOID THESE MISTAKES
Common misconceptions about DMARC!
DMARC’s “p=reject” policy enforces the recipient server to reject the email delivery to inbox of the recipients if it is failing DMARC. Implementing this without proper intelligence and whitelisting can result in your emails not getting delivered and eventually not obtaining any result out of your campaigns. Get in touch with our team immediately if you’re currently facing any difficulty in your email deliverability!
DMARC only governs the outbound channel of your email, i.e. it only concerns with legitimate senders of the email that can use your domain. Having a DMARC on your domain does not tackle incoming phishing attacks, it only stops hackers using your domain to send emails anywhere.
Yes, ability of your domain to be spoofed is not tackled by your domain just having a DMARC record. It depends on the policy of enforcement your DMARC is on. Organisations often put a DMARC record just to comply with certain authorities or governments, however, this does not make your domain safe from hackers.