Have you ever received an email that looked like it came from someone you knew but was phishing for your email password or banking information? That’s called spoofing.
The battle against spoofing never ends. Because of phishing scams, users are taught to be wary of incoming messages. This lack of trust impacts a company’s ability to communicate and work effectively via email. SPF, or “Sender Policy Framework”, is great for protecting against attacks where the RFC 5321.MailFrom address (the envelope sender) is spoofed. However, hackers are now spoofing the RFC 5322.From header, which cannot be detected by an SPF check.
So how do we stop spoofed emails?
Enter DMARC (Domain-based Message Authentication, Reporting and Conformance), a standard that prevents spammers from using your domain to send email without your permission (spoofing). Millions of providers have used DMARC to put trust back into email. Every company with a domain name should consider leveraging DMARC to reduce spam and prevent phishing attacks.
How does DMARC work?
DMARC allows the sender to indicate that their messages are protected by SPF or DKIM and tells the receiver what to do if neither of those authentication methods passes, such as sending the message to junk or rejecting it. The following flowchart shows the process, assuming a receiver has implemented SPF and DKIM.
How to implement DMARC on your domain
- First set up SPF and DKIM. DMARC is built on top of these standards.
- Create a DMARC record to start monitoring results
- Analyze the DMARC reports to diagnose issues
- Convert email sources to align DMARC with DKIM and SPF
- Publish a reject record to reject email that is not aligned with DMARC
- If you have any systems or software that spoof your domain, such as an email system for sales, or QuickBooks or another GL system that sends invoices, you must add their SPF record to your domain records as well. Each service will have an SPF record specific to them, so you will have to contact them to get the info. Typically only 10 SPF records can be used effectively.
For more information on DMARC, go to www.dmarc.org.