Domain-based Message Authentication, Reporting & Conformance, known as DMARC, is a protocol that uses SPF and DKIM to determine the authenticity of an email message.
DMARC records make it easier for email systems to prevent malicious email practices, such as domain spoofing. They make it almost impossible for a hacker to send an email that looks like it came from the LEA domain.
DMARC allows email senders to specify how receiving mail servers should handle emails that were not authenticated using SPF or DKIM. Senders can opt to send those emails to the junk folder or have them blocked altogether. This allows mail servers to identify spammers better and prevent malicious emails from invading the LEA's inboxes while minimizing false positives and providing better authentication reporting for greater transparency.
Security: DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem as a whole become more secure and more trustworthy.
Reputation: Publishing a DMARC record protects your LEA by preventing unauthenticated parties from sending mail from your domain. Little Johnny will not be able to send an email to his parents that appears to come from his teacher.
Visibility: DMARC reports increase visibility into your email system by letting you know who is sending emails from your domain.
DMARC is catching on as more organizations implement it. Prudent email administrators will set up all three (SPF, DKIM, and DMARC) for the domains they manage, as more and more Internet Service Providers and email providers are beginning strict enforcement of all three. As the saying goes, “An ounce of prevention is worth a pound of cure.” For email, this has never been truer. Having all three records in place shows that emails coming from the LEA domain are truly from the LEA. It also shows that the LEA is serious about following best practices for email and doing its part to prevent spam, phishing, and other email security issues.
When creating your DMARC record, you may want to jump straight to 100% reject; however, that is not recommended. Instead, you may want to follow these guidelines and start with a soft rollout: a monitor-only or 5% quarantine policy. You may find that 5% quarantine works better as it resolves better when testing your DMARC record with tools.
There are many resources available to LEAs to assist in setting up DMARC including
Before setting up DMARC, you may want to consider using a service to collect the DMARC reports sent to the email address you specify in your DMARC DNS Record.
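The rollout stages described above (monitor-only, 5% quarantine, 100% reject) and the report address correspond to the p, pct and rua tags of the DMARC TXT record published at _dmarc.<your domain>. The following is an added example, not part of the original article: it parses a record, names its rollout stage, and warns when no report address is set. The domain example.org, the mailbox name, the sample records and the function names are all constructed for illustration.

```python
# Added example: classify a DMARC TXT record by rollout stage.
# Sample records are constructed; example.org is a placeholder domain.

def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict (tags lowercased)."""
    pairs = [part.split("=", 1) for part in txt.split(";") if part.strip()]
    if any(len(p) != 2 for p in pairs):
        raise ValueError("malformed tag=value pair")
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must begin with v=DMARC1")
    return dict(tags)

def rollout_stage(txt):
    """Return (stage, warnings) for a DMARC record string."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    warnings = []
    if "rua" not in tags:
        warnings.append("no rua= address: aggregate reports will not be collected")
    if policy == "none":
        stage = "monitor-only"
    elif pct < 100:
        stage = f"partial {policy} ({pct}%)"
    else:
        stage = f"full {policy}"
    return stage, warnings

SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org",
    "v=DMARC1; p=quarantine; pct=5; rua=mailto:dmarc-reports@example.org",
    "v=DMARC1; p=reject",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", rollout_stage(record))
```
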