About Domain-based Message Authentication, Reporting & Conformance (DMARC)

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as email messages with forged sender addresses that appear to originate from legitimate organizations. It provides a way to authenticate email messages for specific domains, send feedback to senders, and conform to a published policy.

DMARC is designed to fit into the existing inbound email authentication process of Hosted Email Security. The way it works, is to help email recipients to determine if the purported message aligns with what the recipient knows about the sender. If not, DMARC includes guidance on how to handle the non-aligned messages. DMARC requires the following:

  • A message passes the SPF check.

  • A message passes the DKIM signature check.

  • Its identifier domains are in alignment.

    Identifier alignment requires the domain authenticated by SPF or DKIM to be the same as or the parent domain of the message header domain.

By adding DMARC settings, Hosted Email Security allows you to specify actions to take on messages and add enforced peers to make sure email messages from certain sender domains always pass DMARC authentication.