DMARC-Whitepaper
whitepaper
dyn.com
@dyninc

The Importance of DMARC

Intro to DMARC

With over 144 billion emails sent every day, spammers and phishers have a rapidly growing playground for their attacks. In order for your Internet Service Provider (ISP) to determine that the emails your company sends are indeed from a verified sender and not from spammers, you must authenticate your sends. Domain-based Message Authentication, Reporting & Conformance (DMARC) was created as a standard to help you properly authenticate your sends and to monitor and report phishers who are trying to send mail in your name.

How DMARC Works

To get the most out of DMARC, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) must first be set up. DMARC uses both SPF and DKIM to verify the validity of messages being sent. In some cases, depending on how strict or lenient the sender needs to be, both can be mandatory or only one could be required.

Assuming you already have working DKIM and SPF, DMARC is essentially a public statement informing ISPs that you would like them to authenticate your mail with DKIM, SPF, or both. After you send a message, the receiver will check your SPF and DKIM, making sure they align with your DMARC identifier. It does this by querying the DNS records for the domain the message claims to come from and checking for a DMARC record.

[Figure: The email delivery process with DMARC]

If the message passes the stated authentication methods (making it aligned mail), it continues on to standard processing (e.g. anti-spam filters) and eventually makes it to its end destination.

If a message is deemed unaligned, several different actions can happen. Note that not all unaligned mail should be considered spam: an authorized message can end up unaligned because of factors such as an infrastructure upgrade or an authorized 3rd party sender that doesn’t have your DKIM and SPF authentication set up.

In your DMARC setup, you will have told the receiver what to do with unaligned messages: do nothing and continue as normal, quarantine the message and move it along with suspicion, or completely reject it. Right now, these are the only three options set up in DMARC, but they allow for a low-risk implementation period in which you can monitor mail from your organization and slowly tighten your DMARC controls.

Why is DMARC Important?

Reputation is crucial in business. If your brand experiences phishing attacks, customers are 42 percent less likely to do business with you.

DMARC can help make sure that your brand and your customers are safe from imposters, giving you, and more importantly them, peace of mind. With DMARC, you are able to keep an eye on sending by rejecting messages before phishers are able to make a full-fledged attack.

However, if you are rejecting every unaligned message, you may be keeping authorized mail from being delivered. If you do not set them up in advance, authorized 3rd party senders, mail sent after infrastructure changes, mail sent from new products/subdomains, or even mail resulting from mergers and acquisitions could be marked as a false positive in a DMARC report. DMARC offers summaries and detailed reports that help you better understand how your emails are being received. With this info, you can successfully adjust the breadth of your email sends to assure receivers that you’re sending email from a highly reliable mail infrastructure.

Keeping on top of monitoring and the reports that you receive allows you to make sure that you have caught these edge cases and to make adjustments so that they are marked as verified senders with a reputable infrastructure. If you find that you do have a phishing problem, you can take action to get that mail blocked and protect your customers.

The Next Steps

If you are currently using an Email Service Provider (ESP) to send your messages, you can work closely with them to make sure that you are set up for DMARC. Either check whether you have already set up SPF and DKIM or ask your account representative to help you with the steps to roll out DMARC.

If you are sending out your email internally (or even if you just want to learn more about DMARC), DMARC.org is a great resource for ensuring that you are properly following DMARC specifications.

Start authenticating your mail with DMARC today.
Contact us to get started: sales@dyn.com +1.888.840.3258
© 2013 Dyn. All rights reserved. DynECT is a trademark or registered trademark of Dyn and such marks are protected by law.