DMARC (Domain-based Message Authentication) is the new standard for preventing abuse messages in the email and malicious mail for the consumer facing difficulty in identifying legitimate email. As a result, they unexpectedly reveal the personal information and other details and it ultimately reduces the trust in the brand or company.

DMARC is used for email authentication process. It is used by ISP or Hosting companies for the process of identifying legitimate mailers from spammers. Especially DMARC allows email to be authenticated using SPF or DKIM. If the mail is identified as non-legitimate mail, the sender can choose to send those email to the junk folder or have them blocked altogether.

DMARC is used for the email system. It is a powerful way to help prevent malicious entities from potential spoofing. If you have this problem already or running a finance business, it might be right for you. This technology has steadily avoided the problem of fraudulent and deceptive emails.

Authentication Process

Anyone can compose the email and it can be received by any mail id in this world. While sending the mail to the receiver. The recipient mail address should be correct.

While sending mail, it has its own background process to authenticate that the mail as legitimate.

The process of DMARC:

  1. The sender has composed the email. It may contain attachment files also.
  2. Along the mail content, “MailServer” inserts the DKIM Header and send to the recipient.
  3. Email is received at the recipient end.
  4. It must undergo basic validation process, (IP Blocklists and etc.,).
  5. Validation is applied to email. Extract the DKIM header from the mail and verifies it.
  6. Retrieve the SPF record from the email and validation has been done.
  7. Applies the DMARC policies.
  8. If Email is passed, it is forwarded to the recipient inbox.
  9. Otherwise, it may contain Quarantine, virus or consider as non-legitimate mail.
  10. Update the sender with the report.


  1. Minimize false positive.
  2. Provides the strong authentication reporting.
  3. To declare with assurance sender policy at the receiver end.
  4. Reduce the phishing delivery.
  5. Minimize complexity.

DMARC builds upon DKIM (DomainKey Identified Mail) and SPF (Sender Policy Framework) specification that are being developed within the IETF. DMARC is designed to replace ADSP with addition support.

  1. Wildcarding or sub-domain policies
  2. Non-existing subdomain
  3. Slow rollout (e.g. percent experiments)
  4. SPF
  5. Quarantining mail.

DMARC resource record in the DNS

We can create the DMARC record as text(TXT) resource record(RR) and announce what an email receiver should do with non-aligned mail it receives.



Categorized in:

Tagged in: