A new layer of email security is available which is free and only takes a few minutes to set up
Email was invented in the 1970s and is still our main form of communication in business. But it was never made secure, and there has never been a much-needed “Email 2.0” with security baked in.
To address this, now you can add a layer of security to your email addresses to help reduce the risk of people impersonating your email address and using it for dastardly purposes.
DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol that helps organizations prevent email phishing and spoofing.
It works by telling recipients’ email systems what to do with messages that look phishy (or just fishy). 🐟
✅ You can use it for free.
✅ You only need to set it up once and then forget about it.
✅ It only takes a few minutes to set up.
✅ It will help you and the entire email system become more resilient and future-proofed.
Email is a primary target for the bad guys seeking to exploit vulnerabilities and compromise sensitive information. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a useful tool for you to strengthen your email security.
DMARC builds on existing technologies like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
Its goal is to authenticate the sender’s identity and prevent email phishing and spoofing attacks.
SPF (Sender Policy Framework): SPF allows domain owners to specify which mail servers are authorised to send emails on their behalf. It helps prevent email forgery by ensuring that incoming messages come from legitimate sources.
DMARC verifies that the “Mail From” domain matches the “From” domain in the email header.
DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to outgoing emails, providing a way for the recipient to verify that the message hasn’t been tampered with in transit.
DMARC ensures that the domain in the DKIM signature matches the “From” domain.
DMARC allows you to specify what the receiver should do if they detect somebody trying to send email from your email address that is not from you. You can choose from three options:
None (p=none): In this mode, no action is taken based on DMARC results and the email will be allowed into the recipient’s inbox.
What’s the use of this? It’s because you can now receive reports on email authentication activity, helping you identify potential spoofing being done in your name.
Quarantine (p=quarantine): In this mode, suspicious emails are delivered to the recipient’s spam or quarantine folder. They can then review and decide what to do about them.
Reject (p=reject): The strictest setting, it instructs email providers to reject emails that fail authentication, preventing them from reaching the recipient’s inbox.
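To make the checks and the three policy options concrete, here is an added example (not code from this article or from any mail provider) of how a receiving system reaches a DMARC verdict. The function names, the sample messages and the tiny suffix list are constructed for illustration; real receivers use the full Public Suffix List.

```python
# Added example: how a receiver reaches a DMARC verdict for one message.
# PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain):
    """Organisational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):              # longest suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])              # fallback for unknown suffixes

def aligned(auth_domain, from_domain):
    """Relaxed alignment (the DMARC default): organisational domains match."""
    return bool(auth_domain) and org_domain(auth_domain) == org_domain(from_domain)

def dmarc_verdict(from_domain, spf_pass, mail_from, dkim_pass, dkim_domain, policy):
    """Return (result, action the published policy asks for)."""
    spf_ok = spf_pass and aligned(mail_from, from_domain)
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain)
    if spf_ok or dkim_ok:                     # one aligned pass is enough
        return ("pass", "deliver")
    actions = {"none": "deliver", "quarantine": "spam folder", "reject": "reject"}
    return ("fail", actions[policy])

# Constructed sample messages, all claiming From: example.co.uk
SAMPLES = {
    "own server": ("example.co.uk", True, "bounce.example.co.uk", True, "example.co.uk"),
    "newsletter service, DKIM-signed as the domain":
        ("example.co.uk", True, "mailer.example.net", True, "mail.example.co.uk"),
    "impersonation: SPF passes, but for another domain":
        ("example.co.uk", True, "example.org", False, ""),
}

def run_samples(policy):
    """Evaluate every sample message under the given published policy."""
    return {name: dmarc_verdict(*msg, policy) for name, msg in SAMPLES.items()}

if __name__ == "__main__":
    for policy in ("none", "quarantine", "reject"):
        for name, verdict in run_samples(policy).items():
            print(f"p={policy:<10} {name}: {verdict}")
```

The third sample shows why SPF on its own is not enough: the message passes SPF for the sender's own domain, but that domain does not match the “From” domain, so DMARC fails.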
Why spend a few minutes setting up DMARC?
DMARC reduces the risk of phishing attacks by ensuring that emails from your domain are legit and have not been altered in transit.
Protecting your brand reputation
With DMARC, you can protect your brand reputation by preventing the bad guys from sending emails that appear to be from your domain.
You don’t want people to think you are one of the bad guys!
When you implement DMARC, you can improve your email deliverability rate, as ISPs (Internet Service Providers) are more likely to allow authenticated emails into customers’ inboxes.
Visibility and reporting
For the first time, DMARC provides a standard way to report on email authentication activity. Now you can monitor and look into potential threats.
DMARC has gained widespread adoption across industries, with major email providers supporting and enforcing DMARC policies.
Is there a downside?
DMARC is a powerful tool but you need to know how to set it up (we can help).
You need to configure your domain’s records, monitor DMARC reports and act on them if necessary.
And implementing DMARC doesn’t mean you can stop educating yourself and your team about the importance of recognising and reporting phishing.
So, DMARC is a new and powerful weapon in the fight against email-based cyber threats.
Given how easy it is to set up and the protection you get, you should set it up straight away.
A few more questions about DMARC
Do you need both SPF and DKIM already set up to use DMARC?
In theory you don’t need either, but DMARC requires emails to pass either the DKIM test or the SPF test. So having neither is pretty much guaranteed to fail DMARC.
The best idea is to have all three set up: SPF, DKIM and finally DMARC.
How can I get help setting up DMARC?
You would be very welcome to contact us. It’s just the kind of thing we enjoy.
But it’s easy to set up yourself. Here are some top UK web hosting providers with links to their instructions on setting up DMARC:
Or subscribe to our Dotsafe website maintenance package and we’ll do it all for you!
How to set up DMARC
Note: as DMARC relies on the other two existing methods (SPF and DKIM) you should have these set up before you add your DMARC record.
If you’re not sure whether you have these records, contact us.
You will need access to your domain name records (DNS). You usually access these records via the company where you registered your domain name.
- Login to your domain name provider and find your domain name.
- Look for “DNS”, “domain name records” or “host records”.
- Look for a type of record labelled “TXT” with a “hostname” (sometimes labelled “host” or “subdomain”) value of “_dmarc”. If you find one, you already have DMARC set up.
- If you don’t find one, you can add one as follows.
- The hostname (sometimes labelled “subdomain” or “host”) should be “_dmarc” without the quotes.
- The value should be “v=DMARC1; p=none; rua=mailto:[email protected]”. Replace “[email protected]” with the email address you would like your reports sent to. It’s easiest if this email address belongs to the same domain you’re adding the DMARC record to. It gets more complex if you want to send the reports somewhere else.
- Save the record.
What this does
The above instructions are how to set up a simple DMARC record that tells recipients what to do when the emails they receive don’t pass the DMARC tests.
In this case, it won’t actually stop the email getting to you (as we used p=none) but it will start generating reports about the activity.
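A quick way to sanity-check a record value before you save it, as an added example (not part of the original instructions or any provider's tool). The function names and sample records are constructed, with example.com as a placeholder domain; the last check covers the more complex case mentioned above, where reports go to a different domain and that domain has to publish its own authorising TXT record.

```python
# Added example: check a DMARC TXT value before publishing it at _dmarc.<domain>.
def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict keyed by lower-case tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(domain, record):
    """Return a list of findings; an empty list means nothing to flag."""
    if record.split(";")[0].replace(" ", "") != "v=DMARC1":
        return ["invalid: the record must begin with v=DMARC1"]
    tags, findings = parse_dmarc(record), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("invalid: p must be none, quarantine or reject")
    elif policy == "none":
        findings.append("monitoring only: failing mail is still delivered")
    if not tags.get("rua"):
        findings.append("no rua: you will not receive aggregate reports")
    for uri in filter(None, (u.strip() for u in tags.get("rua", "").split(","))):
        if not uri.lower().startswith("mailto:"):
            findings.append(f"rua is not a mailto: address: {uri}")
            continue
        address = uri[len("mailto:"):].split("!")[0]   # drop optional size limit
        host = address.rsplit("@", 1)[-1].lower()
        # Simplified same-domain test; receivers compare organisational domains.
        if host != domain.lower() and not host.endswith("." + domain.lower()):
            findings.append(f"external reports: {host} must publish TXT record "
                            f"{domain}._report._dmarc.{host} containing v=DMARC1")
    return findings

# Constructed sample records for the placeholder domain example.com
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.net",
    "p=none; v=DMARC1",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", check_dmarc("example.com", record) or "ok")
```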