What is a DMARC record and how does it help combat spam?
Most successful attacks on computers and networks still originate from malware, trojans, and viruses that enter an IT infrastructure not through security vulnerabilities but through infected emails. To combat this ongoing threat, corporations such as PayPal, Microsoft, Google, and Facebook developed the Domain-based Message Authentication, Reporting, and Conformance (DMARC) specification, building on its predecessors DomainKeys Identified Mail (DKIM) and the Sender Policy Framework (SPF). All three are methods for authenticating emails and verifying their senders in order to detect spam and forged sender data (spoofing).
What are the benefits of DMARC in protecting against spam?
Until 2003, mail clients and servers did not check the origin of emails or the authenticity of their senders at all - the systems delivered every message without requiring any proof of identity. As a result, spam was easy to send, and forged addresses (spoofing) could easily be used to assume a false identity, for example to gather sensitive information (phishing). Only with the initially unofficial SPF - a precursor to DMARC - did the situation change. Since then, there has been a broad consensus that strict control of emails is a minimal requirement for secure communication over the Internet.
The DMARC specification defines, following SPF and DKIM, a third set of higher standards for checking and handling an email. Some of its features include:
- Checking the origin against an authorised server (according to SPF)
- Verification and authentication of the mail server's signature (following DKIM)
- Easy implementation with VPS hosting and Dedicated Server
- Identical domain and associated mail server in the FROM header
- Classification of an email based on different criteria
- Configuration via TXT entry in DNS
- Option for a strict policy to reject spam
- Simultaneous support for DKIM and SPF
DMARC is not a replacement for its predecessors SPF and DKIM but a complement to them. It allows for increased specialisation and a more precise gradation of criteria. Among other things, it supports differentiation between main domains and subdomains and the redirection of emails according to the desired policies, which can be defined differently depending on the source and verification.
How is the TXT record structured for DMARC?
Like SPF and DKIM, DMARC uses a TXT record that the administrator stores in the nameserver. It configures the type of check and how a message is handled when it complies with or violates the policy. The essential prerequisite for use is the prior implementation of SPF and DKIM through a corresponding TXT record. DMARC then consists of the following components:
- v: DMARC and version number as a trigger for use
- p: Policy used for a domain
- sp (optional): Policy used for a subdomain
- pct (optional): Percentage of messages to which the filter is applied
- rua (optional): Email address to which external servers send reports
- ruf (optional): Email address for receiving forensic reports
- rf (optional): Format of the reports
- adkim: Alignment with DKIM
- aspf: Alignment with SPF
It is important to maintain the formal syntax for a TXT record - all configurations for DMARC are exclusively in its text field, with individual parameters separated by a semicolon. A typical, complete DMARC record looks like this, for example:
_dmarc.example.com. 7200 IN TXT "v=DMARC1;p=quarantine;sp=reject;pct=100;rua=mailto:dmarc@example.org;ruf=mailto:forensik_dmarc@example.org;adkim=s;aspf=r"
Multiple TXT records can be combined in order to use several options together.
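The tag structure described above can be checked mechanically before a record is published. The following Python code is an added example, not part of the original article: it parses the text field of a DMARC record, reports syntax and value errors, and returns the policy that applies to the main domain or a subdomain. The function names are this example's own, the defaults for pct, adkim and aspf are those of RFC 7489, and the second sample record is constructed.

```python
# Added illustration; function and constant names are this example's own.
POLICIES = {"none", "quarantine", "reject"}
DEFAULTS = {"pct": "100", "adkim": "r", "aspf": "r"}  # RFC 7489 defaults


def parse_dmarc(txt):
    """Return (tags, problems) for the text field of a DMARC TXT record."""
    pairs = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    tags, problems = {}, []
    if not pairs or pairs[0].replace(" ", "") != "v=DMARC1":
        problems.append("record must start with v=DMARC1")
    for pair in pairs:
        name, sep, value = (s.strip() for s in pair.partition("="))
        if not (sep and name and value):
            problems.append(f"malformed tag: {pair!r}")
        elif name in tags:
            problems.append(f"duplicate tag: {name}")
        else:
            tags[name] = value
    if tags.get("p") not in POLICIES:
        problems.append("p is required and must be none, quarantine or reject")
    if "sp" in tags and tags["sp"] not in POLICIES:
        problems.append("sp must be none, quarantine or reject")
    pct = tags.get("pct", DEFAULTS["pct"])
    if not (pct.isdecimal() and 0 <= int(pct) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    for mode in ("adkim", "aspf"):
        if tags.get(mode, DEFAULTS[mode]) not in ("r", "s"):
            problems.append(f"{mode} must be r (relaxed) or s (strict)")
    for dest in ("rua", "ruf"):
        for uri in tags.get(dest, "").split(","):
            if uri and not uri.strip().lower().startswith("mailto:"):
                problems.append(f"{dest} entry is not a mailto: URI: {uri.strip()}")
    return tags, problems


def effective_policy(tags, is_subdomain):
    """Policy a receiver applies: sp overrides p for subdomains when present."""
    return tags.get("sp", tags.get("p")) if is_subdomain else tags.get("p")


# Record text from the article, plus a constructed faulty record for contrast.
ARTICLE_RECORD = ('"v=DMARC1;p=quarantine;sp=reject;pct=100;rua=mailto:dmarc@example.org;'
                  'ruf=mailto:forensik_dmarc@example.org;adkim=s;aspf=r"')
FAULTY_RECORD = "p=block; v=DMARC1; pct=150; rua=dmarc@example.org"  # constructed

if __name__ == "__main__":
    for record in (ARTICLE_RECORD, FAULTY_RECORD):
        print(parse_dmarc(record))
```

The article's record parses without problems and yields quarantine for the main domain and reject for subdomains; the constructed record is flagged for its tag order, policy value, pct range and report address.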
Image: Gino Crescoli on Pixabay