When a sender publishes a DMARC policy, the sender clearly indicates to the mailbox provider whether emails are protected by SPF and DKIM. The sender also specifically tells the mailbox provider how to process incoming email that fails the SPF or DKIM authentication tests. For example, block the message or divert it to the spam folder. DMARC clearly tells the mailbox provider to respond to incoming mail that fails authentication tests. The mailbox provider can report back to the email sender about whether incoming emails pass or fail the evaluation process.
Most reputable email providers use DMARC. As a result, email senders who implement DMARC can get consistent authentication results for their messages.
The DMARC Process
A DMARC policy for a particular sender is published in the DNS as text (TXT) resource records (RR).
When the mailbox provider receives an incoming mail, it checks the results of the SPF and DKIM tests. It also accesses the DMARC policy for that sender. This policy defines what an email receiver does with incoming mail when that mail does not pass the SPF and DKIM tests.
The mailbox provider determines whether the results of the SPF and DKIM authentication tests meet the standards of the published DMARC. If the email fails to meet the DMARC standard, the provider rejects the incoming message or marks it as spam. The categorization depends on the instructions that the sender publishes in their DMARC. In DMARC terms, rejected and spam emails are referred to as a "non-aligned" email.
The mailbox provider reports back to the email sender about all non-aligned incoming emails.
DMARC focuses its analysis on the domain in the from address. This identifier is used with the results of the underlying authentication technologies (at the moment SPF and DKIM).
It is essential that the DKIM and SPF domains have the same organization domain as the from address domain.
With DMARC, there is essentially no difference between an email that is signed with the wrong DKIM and an email with no DKIM signature. For more information, see DKIM Signature.
If you want to create and publish a DMARC policy for your Mapp Engage system, contact your customer service representative. Our team of skilled deliverability experts can help you create a DMARC policy for your system.
There are several basic steps for setting up a DMARC process for your system:
- Develop your DKIM and SPF policies.
- Publish a DMARC record that indicates which policies you use and requests reports from mailbox provider.
- Analyze the data and modify your mail streams as appropriate.
- Gradually modify your DMARC policy flags from "monitor" to "quarantine" to "reject" to improve control.