Domain-based Message Authentication, Reporting and Conformance (DMARC)
Gestation period of “@” :
In the 1970s, there was little awareness of threats and malicious activity. Cybersecurity, formerly known as computer security, was progressing gradually. Before that, electronic mail (e-mail) was equivalent to sticking a note on someone’s computer, because who wouldn’t trust a message from a colleague? That held until the “@” symbol came into the picture.
How ‘@’ came into existence :
- In 1971, Ray Tomlinson introduced the “@” symbol to the world. It connected user to user. It was more like a traditional letter wrapped in a virtual envelope addressed to an individual. As email grew, malicious messaging, phishing and spam attacks grew too.
- It became the biggest IT security threat, not only costing a company millions of dollars a year but also degrading trust between company and customer. Hence, some kind of guidelines was required to stop all these unwanted activities. Protocols were created to authenticate the identity of the sender and recipient.
Derivation of SPF and DKIM to form a robust DMARC standard :
- The DMARC standard was published on 30th January, 2012. It builds on the existing, widely deployed standards SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
- The common goal behind introducing DMARC was to develop a standard backed by a large consortium. When fraud or any malicious activity is detected, DMARC takes an extra step to quarantine or reject the communication based on the domain owner’s policy.
- It makes the domain owner aware, and the owner can in turn inform customers, so there is no room for misunderstanding, which improves the company-customer relationship.
Need of DMARC :
- DMARC is used to combat a specific form of exact-domain spoofing, albeit the mechanism of DMARC is also used to create reliable message streams.
- It is a scalable mechanism which preserves the positive aspects of current widely deployed SMTP mail infrastructure.
- DMARC adoption has increased dramatically and has had both positive and negative impact on the deliverability of email. According to academic research, 80% of mailboxes are secured with DMARC, though it isn’t a default record type standard.
- In a hypothetical case, if you are the target of malicious intent but have implemented DMARC policies well, a cybercriminal would tend to give up on hacking the domain, because the chances of breaking into DMARC are minuscule!
The nitty-gritty of how it works :
- A domain owner who wishes to deploy DMARC must have deployed SPF and DKIM on its messaging infrastructure.
- To publish DMARC records successfully, it is very important that SPF and DKIM records are already published. Once those records are in place, one can configure the DMARC record. One can use an external guide/wizard to create SPF and DKIM records. To pass DMARC authentication, a message must pass and be aligned for either SPF or DKIM.
- When a message is aligned, the recipient knows who really sent it. DMARC policies are published by domain owners and applied by mail recipients. DMARC policies are published as TXT records. If a message fails DMARC authentication, the receiving organization should honor the “disposition” you publish in your DMARC policy.
- This is the p= value in your DMARC record, as follows.
- p=none –
Tells the receiver to take no action against unqualified mail, but still send email reports to the mailto: address in the DMARC record for any infractions.
- p=quarantine –
Tells the receiver to quarantine unqualified mail, which generally means “send this directly to the spam folder.”
- p=reject –
Tells the receiver to directly reject/discard any message that fails the DMARC check.
A DMARC record looks as follows.
v=DMARC1; p=reject; pct=100; rua=mailto:firstname.lastname@example.org
- v=DMARC1 –
It is the protocol version. This is the identifier that the receiving server looks for when it scans the DNS record for the domain it received the message from. If the domain does not have a TXT record that begins with v=DMARC1, the receiving server will not run a DMARC check.
- p=reject –
The policy you select in your DMARC record will tell the participating recipient email server what to do with mail that doesn’t pass SPF and DKIM, but claims to be from your domain.
- pct=100 –
It tells the percentage (pct) of messages subjected to filtering.
- rua=mailto:postmaster –
This part tells the receiving server where to send aggregate reports of DMARC failures. Be sure to include the correct email address to receive daily reports.
- It is very important to note that DMARC is not a default standard; it is recommended for business domains, especially if you have encountered spoofing before.
- DMARC is an important evolution of email authentication. It is helping email senders and receivers work together to better secure emails, protecting users and brands from any kind of malicious activity.
- Last but not least, protect your brand/company: don’t leave any subdomains open to exploitation or impersonation.
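The record format and the p= dispositions described above can be checked mechanically. The following is an added example, not code from the original article: it parses a DMARC TXT record and applies the "pass and aligned for either SPF or DKIM" rule to one message. The function names, the "pass"/"no-dmarc" return labels and the sample domains are assumptions, and alignment is simplified to an exact domain match.

```python
# Added example: parse a DMARC TXT record and apply its policy to one message.
# Assumption: alignment is checked in strict mode (exact domain match);
# relaxed alignment would need an organizational-domain lookup.
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the record's main tags as a dict, or None if it is not a DMARC record."""
    tags = []
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.append((name.strip().lower(), value.strip()))
    # The version tag must come first, otherwise receivers skip the DMARC check.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    record = dict(tags)
    policy = record.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"invalid p= value: {policy!r}")
    pct = int(record.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")
    rua = [u.strip() for u in record.get("rua", "").split(",") if u.strip()]
    return {"p": policy, "pct": pct, "rua": rua}


def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples for one message."""
    if record is None:
        return "no-dmarc"
    from_domain = from_domain.lower().rstrip(".")
    for passed, domain in (spf, dkim):
        # One aligned pass (SPF or DKIM) is enough to pass DMARC.
        if passed and domain.lower().rstrip(".") == from_domain:
            return "pass"
    return record["p"]  # none / quarantine / reject, as published by the owner


if __name__ == "__main__":
    # Constructed sample: the record shown above, and a message whose SPF pass
    # is for a different domain while its DKIM signature fails.
    rec = parse_dmarc("v=DMARC1; p=reject; pct=100; rua=mailto:firstname.lastname@example.org")
    print(rec)
    print(dmarc_disposition(rec, "example.org", (True, "mailer.example.net"), (False, "example.org")))
```

A message that passes SPF only for an unrelated domain is not aligned, so the published p= value decides its fate; a misspelled policy such as p=rejected is flagged at parse time instead of being silently published.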