What is DMARC, and why are we deploying it?
DMARC is an internet based technical specification that describes how to make email easy to identify and authorise. It is widely supported by a large number of email providers across the globe including Google, Yahoo, Outlook.com and AOL.
DMARC - Domain-based Message Authentication, Reporting and Conformance - makes it harder for others to pretend to be you. This helps defend against phishing of our organisation and others, spam using domain names (our brand), and it enables receivers including ourselves to determine the authenticity of e-mail sent with our domain.
What does this mean for us?
Deploying DMARC means we have to authenticate the e-mail that is legitimately sent on behalf of our organisation. DMARC combines two technologies to authenticate e-mail, which we are deploying to our domains.
Deploying SPF
Sender Policy Framework is a way for Internet Service Providers to verify that a mail server (IP address) is authorized to send email for a specific domain. Deploying SPF means that we publish DNS records that identify the IP addresses of senders that are legitimately sending e-mail using our domain.
Deploying DKIM
DKIM - Domainkeys Identified Mail is a technology that is used to associate a message to our domain. It uses cryptographic signatures to ensure that the message is authentically sent on behalf of our organisation, and that the message headers (containing our domain) and body were not modified.
Closing the loop
Once we deploy DKIM and SPF for each or our e-mail streams, DMARC alllows us to request that email that is not authentically from us be rejected - thereby protecting our domains.