What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is a protocol that was built on top of the existing protocols SPF and DKIM.
DMARC does a few things:
1. It takes into account the results from SPF and DKIM.
2. It requires not only that SPF or DKIM pass, but also that the domain used by either one align with the domain found in the From address in order for DMARC to pass.
3. It reports SPF, DKIM and DMARC results back to the domain found in the From address (i.e., the sender).
4. It tells receivers how to treat emails that fail DMARC validation by specifying a policy in DNS.
5. It stops people from trying to impersonate your domain.
Without a DMARC record, an attacker can easily impersonate your domain. They can make an email look like it's from you when, in reality, it isn't. Email impersonation attacks have cost companies $12.5 billion.
What is a DMARC Record?
DMARC uses DNS to publish information on how an email from a domain should be handled (e.g., do nothing, quarantine the message, or reject the message). Because it uses DNS, nearly all email systems can decipher how email supposedly sent from your domain should be processed. This also makes it simple to deploy, because it requires only 1 DNS change to set it up (via a DMARC (TXT) record).
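The receiver-side logic described above (parse the TXT record, check alignment with the From domain, then apply the published policy) can be sketched as follows. This is an added example, not code from the original page; the record, the domain names and the two-label organizational-domain shortcut are constructed assumptions (real receivers use the Public Suffix List).

```python
# Constructed sample record, as it would be published in a TXT record at _dmarc.example.com
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s"

def parse_dmarc(txt):
    """Parse a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags["p"] = policy
    return tags

def org_domain(domain):
    # Assumption: treat the last two labels as the organizational domain.
    # This is wrong for suffixes such as co.uk; receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_result, action). DMARC passes if SPF or DKIM passes AND aligns."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    return ("fail", tags["p"])  # none / quarantine / reject, as published in DNS

if __name__ == "__main__":
    # SPF passes, but for an unrelated envelope domain: not aligned, so DMARC fails.
    print(evaluate(RECORD, "example.com", True, "unrelated.test", False, ""))
    # SPF passes for a subdomain of the From domain: relaxed alignment, DMARC passes.
    print(evaluate(RECORD, "example.com", True, "bounce.example.com", False, ""))
    # DKIM passes for a subdomain, but adkim=s demands an exact match: DMARC fails.
    print(evaluate(RECORD, "example.com", False, "", True, "mail.example.com"))
```

The first case shows why a bare SPF pass is not enough: the message authenticates for some domain, but not the one shown in the From address.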