Skip to content

DMARC

Secure your e-mail system with DMARC

E-mail is the main vector of communication in companies. It is also the first vector of cyberattacks with devastating consequences for companies and administrations.

Several protocols, such as SPF, DKIM, DMARC and BIMI can be effectively deployed to secure your e-mail system, particularly against phishing.

DMARC - Nameshield

Why implement a DMARC policy?

  • To prevent spoofing of the domains used to send e-mails and protect parked domains, which are too often forgotten.
  • To improve e-mails deliverability: with e-mail flows properly organized and authenticated, your e-mails will look more reliable to the webmails and anti-spam systems.
  • To implement BIMI, which allows the brand logo to be displayed in the recipients’ mailboxes.

Nameshield’s support adapted to your needs

  • Set up of the platform;
  • Assistance in publishing a DMARC policy on all of your domains;
  • SPF verification (syntax validity, IP list, deprecated or empty values, …);
  • Recommendation of the best possible emailing strategy in terms of domain use in order to minimize the risk of attack;
  • Analysis of your RUA reports and recommendations to help you authenticate all your legitimate email traffic with DKIM and SPF;
  • Assistance in the DMARC policy upgrade until you reach 100% of emails in “p=reject”;
  • Tracking of unusual behavior and phishing attempts.

DMARC a simple solution to help administrators to proceed quickly

DMARC a simple solution to help administrators to proceed quickly

To be DMARC compliant:

  1. the Header From domain (domain visible to the recipient) must be aligned with the SPF domain (envelope domain) and/or the DKIM domain
    (d=) ;
  2. the SPF and/or DKIM authentication must be valid (in addition to the alignment).

DMARC allows the owner of the sending domain to specify what action should be taken on the receiving side (webmail or anti-spam of the recipient) when they see non-compliant incoming emails.

There are 3 possible policies:

DMARC compliant
  • None -> the domain’s owner leaves the choice to the recipient’s webmail/anti-spam in case of DMARC non- compliance: emails can be accepted, put in the spam folder or rejected.
  • Quarantine -> the domain’s owner indicates to the recipient’s webmail/anti-spam that emails that don’t comply with DMARC should be put in quarantine when possible, or in the spam folder.
  • Reject -> the domain’s owner tells the recipient’s webmail/anti-spam that emails that don’t comply with DMARC should be rejected (bounced).