Domain-based Message Authentication, Reporting & Conformance (DMARC)

Email deliverability is becoming hard and harder to guarantee. Furthermore your domains are being impersonated and spoofed constantly to send phishing emails to unsuspecting staff and clients alike. Email service providers like Google, Microsoft and Yahoo are implementing controls and minimum requirements to try to address this pandemic problem. Fail to implement these and you could find your emails going to spam, or worse, being blocked completely!

Here's a real-world phishing email example:

From: [email protected]

To: [email protected]

Subject: Invoice for product.

Hey Anna,

Congratulations! Your product has been delivered!

Please check the invoice and payment at this link: some link

Regards,

John

CEO of Trusted Business

Let's take a look at what's happened here.

What happens: The hacker sends a phishing email on behalf of your business to one of your customers, Anna, drives her to the phishing link, and steals money from her credit card.

Result: The recipient is fooled into thinking that the email is actually from Trusted Business, and navigates to that link. She sees a website almost identical to Trusted Business' official website, and pays £1000.

Consequences:

Anna, your customer, loses £1000;
Your customer support cost increases;
Your brand reputation is eroded;

Spoofed emails decrease user engagement, lower your sender score, and make your legitimate emails less likely to reach the inboxes. 

DMARCLY is a comprehensive SPF, DKIM and DMARC monitoring solution. Using DMARCLY, you gain complete visibility into your email authentication status with simple clicks in the dashboard.

DMARCLY helps block email spoofing and phishing very effectively, to protect your customers, employees, domains, and your brands.

In addition, DMARCLY allows you to break free from limitations like SPF's 10-DNS-lookup limit. Your email will never fail authentication because you have too many 3rd-party services in your SPF record.

Email is widely used not only for business and personal communications, but also by automatic systems that send you notifications and reminders triggered by your online activity. However, email is surprisingly vulnerable to impersonation attacks and online fraud. The origin of its vulnerability is that the information displayed in the “from” and “to” addresses are not necessarily where the email actually came from and who originated it.

Several attempts have been made over the years to validate that the person who sent an email is who they say they are. More recently (well, back in 2012!!) a protocol called DMARC has been created to give a clear answer to the validation question.

DMARC (Domain-based Message Authentication, Reporting & Conformance) uses two previously defined protocols SPF and DKIM and allows domain owners to explicitly tell the receiving email server what to do with an email that fails an authentication attempt.