With rapid digitization, email has become one of the most effective communication tools, both for business and corporate entities. However, the matter of concern is that the same emails are a favorite avenue for threat actors who exploit them to carry out malicious attacks, impersonate trusted brands, and spam naive users. This is where DMARC (Domain-based Message Authentication, Reporting, and Conformance) steps in! This is a robust email authentication protocol that can protect your domain as well as email recipients from the prying eyes of cybercriminals.

This guide explains DMARC policies for beginners. By the end of this article, you will know when to use which DMARC policy to get optimum protection from phishing and spoofing.

 

DMARC: Basic definition

DMARC is a powerful email authentication protocol that verifies whether each email sent from your domain is completely legitimate. The ultimate goal of using DMARC is to prevent threat actors and unauthorized entities from sending malicious emails on your behalf. DMARC operates by leveraging two existing protocols: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

 


 

The job of DMARC is to ensure that:

  1. Illegitimate emails are filtered out from all the outgoing emails
  2. The domain owner gets to decide what happens to the unauthenticated emails (whether they are sent to spam, simply rejected, or no action is taken against them).

DMARC implementation protects your domain from any kind of misuse and helps build trust among your email recipients.

 

DMARC policy explained

A DMARC policy is a set of instructions that you pass on to the receiving servers on how to treat unauthenticated emails sent from your domain. A domain owner gets three major policies to choose from: none, quarantine, or reject.
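
As an added illustration (not part of the original article), the Python sketch below parses a DMARC TXT record and returns the action it requests from a receiver for a message that fails authentication. The function names and the sample record are assumptions made for this example; `sp=` is the standard DMARC tag that sets a separate policy for subdomains.

```python
# Added example: how a receiver maps a published DMARC record to an action.
# The record string in the demo at the bottom is a constructed sample.
ACTIONS = {"none": "deliver (report only)",
           "quarantine": "spam folder",
           "reject": "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    for tag in ("p", "sp"):
        if tag in tags:
            tags[tag] = tags[tag].lower()
            if tags[tag] not in ACTIONS:
                raise ValueError(f"invalid {tag}= value")
    if "p" not in tags:
        raise ValueError("missing p= tag")
    return tags

def disposition(txt, spf_aligned, dkim_aligned, is_subdomain=False):
    """Return the action the record requests for one message."""
    tags = parse_dmarc(txt)
    # DMARC passes when SPF or DKIM passes and aligns with the From domain.
    if spf_aligned or dkim_aligned:
        return "deliver"
    # When sp= is present it overrides p= for mail from subdomains.
    policy = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    return ACTIONS[policy]

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com"
    print(disposition(record, False, False))                     # organizational domain
    print(disposition(record, False, False, is_subdomain=True))  # subdomain
    print(disposition(record, False, True))                      # DKIM aligned
```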

 

None policy

Also known as the monitoring policy, p=none does not intercept unauthorized emails sent on behalf of your domain. The common notion is that p=none is an inefficient or useless DMARC policy. However, the fact is that p=none can prove to be beneficial in specific cases. 

The ‘none’ policy is suitable for:

 

New domains

If your domain is new, then starting with the ‘none’ policy helps you closely monitor the performance of the emails. The policy will simply gather data around legitimate IP addresses and email servers that are allowed to send emails from your domain.

 


 

Businesses that have multiple teams, channels, or units

If yours is a large company or business with a decentralized email flow, multiple teams, and departments, p=none is the way to go. The policy will help you keep tabs on email communications across multiple departments at the same time.

 

Maintaining or enhancing the deliverability rate for domains that use transactional emails

The ‘none’ policy is also suitable for domains or subdomains that send transactional emails and use third-party vendors, such as marketing platforms or CRM systems.

 


 

Testing DMARC’s impact on both internal and external emails

The ‘none’ policy enables you to check how DMARC is impacting the external and internal emails that are being sent from your domain. At times, you may have to test the effect of DMARC on the internal and external emails separately. The p=none policy enables you to check things separately without hampering the functioning of either type of email.

 

Domains that are used for public interactions or high-volume communications

info@ domains and notification-based domains should also use the ‘none’ policy, as this allows them to evaluate the IP addresses and sources that communicate with the public-facing addresses. Analyzing them closely enables you to enforce a reject or quarantine policy later on.

 

Phased DMARC transition

Rushing the transition from ‘none’ to ‘quarantine’ and then to ‘reject’ can affect email flow and disrupt deliverability. It is, therefore, advised to stick to p=none in order to determine and fix the issues.

 

Quarantine policy

Stricter than the ‘none’ policy, but lenient as compared to the ‘reject’ policy, p=quarantine is the DMARC policy that instructs the recipient servers to deliver the unauthorized emails to the spam folders. The suspicious emails land in the spam folders instead of getting completely rejected. It offers a greater degree of protection to your domain than the p=none policy. At the same time, it also minimizes the chances of important/legitimate emails getting outright rejected.

Here are the situations where you should use p=quarantine policy:

 


 

Gradual transition from ‘none’ to ‘reject’

The p=quarantine policy bridges the gap between ‘none’ and ‘reject’ policies. It’s great to shift to ‘quarantine’ from ‘none’ and then move to ‘reject’ finally. This phased transition enables domain owners to identify the actual non-compliant senders and fix the issue accordingly.

 

To minimize cases of false positives

Organizations with complex email flow setups should go for the ‘quarantine’ policy. Different units and departments may lead to mismatched SPF and DKIM setups. The ‘quarantine’ policy enables you to identify the emails that fail to pass DMARC tests. 

 

To safeguard your non-essential subdomains

Non-essential subdomains are among the threat actors’ prime targets. Domain owners often ignore their safety since they are non-essential. However, enforcing p=quarantine can be helpful in this case. With the quarantine policy, it becomes more convenient to identify non-compliant messages without affecting email deliverability.

 


 

Internal domain forwarding issues

Domains that involve multiple internal email forwarding or routing may fail the DMARC test because of their non-alignment with either SPF or DKIM. In such cases, the ‘quarantine’ policy comes in handy. It serves as an intermediary and helps you analyze the situation without rejecting the emails.

 

High-volume email environment

If your domain sends out high-volume emails such as automated notifications or customer service systems, then it is advisable to use p=quarantine. The high volume of data offers accurate insights based on which the domain owner can eventually transition to p=reject.

 


 

Reject policy

The ‘reject’ policy instructs the recipient servers to entirely reject the unauthorized emails that are sent from your domain. It is a stringent DMARC policy used by a few domain owners since no one wishes to risk their legitimate emails being rejected.

Below are the use cases for p=reject:

 

VIP email addresses

VIPs and executives are impersonated quite often by threat actors in order to trick clients, shareholders, and employees into making significant financial transactions. That’s why enforcing p=reject will be a suitable choice to disrupt the malicious intentions of threat actors.

 


 

E-commerce giants, government entities, and high-value brands

People generally consider such sectors to be highly credible. That’s exactly why threat actors try to impersonate the same and send out unauthorized emails from such domains. Therefore, these types of high-value domains stick to p=reject in order to eliminate the malicious intentions of threat actors. 

 

The finance sector and high-security industries

These industries often serve as a treasure trove of sensitive data. That’s exactly why they don’t take any risk and stick to p=reject in order to amplify their email security.

 

Wrapping up!

Email authentication is the need of the hour, given the increasing instances of cyberattacks across the globe. This elaborate guide around DMARC policy will help you simplify your email authentication journey in easy yet impactful stages. Choose the right policy and protect your email communication system like a pro.
