As of previous blog we were talking about the email security using DKIM, on this blog we will be talking about how we can configure DMARC for exchange services. That be Exchange on-prem or Exchange online, Hence let’s know about DMARC first.
DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance is an email protocol; that when published for a domain; controls what happens if a message fails authentication tests (i.e. the recipient server can’t verify that the message’s sender is who they say they are). Via those authentication checks (SPF & DKIM) messages purporting to be from the sender’s domain are analyzed by receiving organizations and determine whether the message was really sent by the domain in the message. DMARC essentially handles the question of what should happen to messages that fail authentication tests (SPF & DKIM). Should they be Quarantined? Rejected? or should we let the message through even if it failed to prove it identify? Long story short, DMARC acts as a gatekeeper to inboxes and if setup properly can prevent phishing and malware attacks from landing in the inbox.
What are the benefits of DMARC?
There are a few key reasons that you would want to implement DMARC:
Reputation Publishing a DMARC record protects your brand by preventing unauthenticated parties from sending mail from your domain. In some cases, simply publishing a DMARC record can result in a positive reputation bump.
Visibility DMARC reports increase visibility into your email program by letting you know who is sending email from your domain.
Security DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem become more secure and more trustworthy.
How DMARC looks like?
DMARC are specifically TXT record that we update in our public DNS. Simply it looks like this: