DMARC Policy

    DMARC policy helps your mail server filter messages. Every message gets evaluated and if it doesn’t pass DMARC authentication, the policy will recommend the server take action such as quarantine the message, reject it, or take no action at all.
    Overview

    What is a DMARC policy?

    Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication method that protects against fraudulent emails. DMARC is an essential first line of defense against phishing emails and similar cyberattacks.

    DMARC builds on the SPF and DKIM authentication protocols that are currently widely used. By establishing a DMARC policy, organizations can let receiving email servers know how to validate messages from their domain and what to do with email that fails to authenticate.

    While DMARC can provide a critical layer of protection against spoofing attacks, implementing the DMARC protocol and establishing DMARC policy can be costly and complex, and managing and analyzing DMARC reporting on an ongoing basis can be time-consuming. It's no wonder, then, that so many organizations adopting DMARC policy turn to Mimecast for help in implementing and managing the DMARC protocol.

     

    GettyImages-1166072020-1200px.jpg

     

    What does a DMARC policy do?

    A DMARC policy helps email receiver systems distinguish legitimate and fraudulent emails. If an email doesn’t come from an approved domain, the DMARC alerts the receiver systems and tells them how to respond—isolating any potential threats.

     

    What are the various DMARC policy options?

    There are three essential DMARC policy options: “none,” “quarantine,” and “reject”

    • The “none” policy, also known as “monitor” tells the provider to take no action.
    • The “quarantine” policy sends any unauthorized emails into a separate folder, similar to a spam folder.
    • The “reject” policy tells the provider to block any unauthorized emails so that they cannot reach recipients.

     

    Why do you need a DMARC policy?

    It’s important to have an active DMARC policy to help protect against phishing attacks and ransomware.

    A DMARC policy reduces human error when protecting against cyber threats and enables your organization to respond faster and more efficiently to phishing attacks.

    Even if your employees are well-trained to recognize and respond to suspicious emails, a DMARC policy will help save them time and trouble by automatically taking protective action against potential threats.

     

    GettyImages-1074286338-1200px.jpg

     

    Which DMARC policy should you implement?

    The DMARC policy you should implement largely depends on the nature of information your organization needs to protect. To begin with, it is generally advisable to start with a “none” policy for the purpose legitimizing trusted hosts and domains. This can also help create a sense of any potential threats and monitor suspicious activity without inhibiting any usual legitimate communication.

    Once the groundwork has been laid out, the next step is to implement a quarantine policy so that legitimate communication can continue per usual, but there is now an additional layer of security to filter out potential threats.

    Finally, those who have greater needs for security will move towards implementing a reject policy. This is usually the case for financial institutions and healthcare organizations, whereas those who have less sensitive data to protect may continue with a quarantine policy.

     

    Defend against domain spoofing with a DMARC policy

    As the number of impersonation and spoofing attacks continues to rise, many organizations are turning to DMARC policy and protocols to stop these malware-less attacks.

    In a spoofing attack, a cybercriminal sends an email that appears to come from someone in your company in an attempt to trick the recipient into transferring money, revealing credentials, or sharing sensitive information. Spoofed emails may target your own employees and customers as well as suppliers and partners.

     

    Mimecast’s DMARC analyzer

    Mimecast’s DMARC analyzer acts as an expert guide, helping to speed and simplify implementation of DMARC policy. With DMARC analyzer, you can move toward a DMARC test protocol and reject policy as fast as possible. This cloud-based solution empowers you to easily manage complex DMARC deployment, providing faster insight into who is sending email on your behalf and determining which email is legitimate and which is not.

    Mimecast’s DMARC analyzer enables you to:

    • Simplify DMARC deployment with a step-by-step approach and self-service tools.
    • Get 360° visibility and governance across all email channels with an easy-to-use service.
    • Configure alerts, reports and charts that enable you to enforce DMARC policy sooner and monitor ongoing performance.

    Interested in learning more?

     

    A simpler way to establish DMARC policy

    To simplify deployment of DMARC protocols and establishment of DMARC policy, Mimecast DMARC Analyzer provides a 100% SaaS-based solution that reduces the time and complexity of enforcing DMARC authentication. DMARC analyzer includes:

    • Management of unlimited users, domains, and domain groups to easily achieve full coverage.
    • Forensic reports that streamline the task of tracking down malicious email sources.
    • Easy-to-digest aggregate reports and charts for faster analysis and DMARC policy enforcement.
    • Fast and easy updates to DNS records with a setup wizard for DMARC records.
    • Options for DMARC Office 365.
    • The ability to track progress over time by reviewing summary daily and weekly reports.
    • Two-factor authentication to enhance security.
    • Proactive email prompts that are issued when a DNS record changes.
    • A managed service option that delivers deployment and project management expertise proven to help reduce risk and enforcing DMARC policy in the shortest time possible.

     

    FAQs: DMARC policy

    What is DMARC? 

    DMARC – or Domain-based Message Authentication, Reporting and Conformance – is a protocol for email authentication, policy, and reporting. Designed to help prevent email impersonation, DMARC allows senders to let recipients know that messages are protected by Sender Policy Framework (SPF) and DomainKeys Identified Message (DKIM) protocols and provides instructions for how to handle messages that don't pass either of these authentication methods.

    How do I fix “DMARC policy not enabled”? 

    The error message “DMARC Policy Not Enabled” means your DMARC policy is active but set to “none” which means it cannot take action with any unauthorized emails.

    To fix this, modify your policy mechanism (p) from p=none to p=reject/quarantine.

    Where do DMARC quarantine emails go?

    DMARC quarantine emails usually end up in a Spam folder or similar equivalent. Depending on how the receiver is programmed to respond, the email may also be temporarily suspended from reaching its recipient altogether and/or scrutinized further for suspicious elements.

    Back to Top