DMARC stands for Domain-based Message Authentication, Reporting and Conformance, and is another tool in your email-security toolbelt to help with ensuring that your email addresses are not fraudulently used by attackers.
As is discussed in our KB titled "Protecting your email with SPF, DKIM,and DMARC" there are three major components in email security that you can enable to help prevent these kinds of attacks: SPF, DKIM, and DMARC.
SPF and DKIM are technical controls that can be implemented to help ensure that email originates from trusted email servers and that the header information (e.g., the FROM address) hasn't been modified. However, DMARC provides instructions for how a receiving email server should handle the data found in your SPF and DKIM configurations. Further, DMARC can also be configured to send reports back to you about email spoofing attempts to help you gain and maintain visibility on those types of attacks.
DMARC is free and enabled in DNS, much like SPF and DKIM. To enable DMARC, you need to add a DNS TXT record with the name"_dmarc" and text similar to the following:
"v=DMARC1; p=quarantine; sp=quarantine; pct=100; ruf=mailto:dmarcreports@example.com; ruf=mailto:dmarcreports@example.com; ri=86400"
You can also check your domain for DMARC records by running the following command from a command prompt: "nslookup -type=txt_dmarc.yourdomain.com"
As a final note: Any time you're configuring SPF, DKIM, and DMARC records, you should perform these tasks outside of peak business hours and test email sending and receipt capabilities. While these techniques are simple to configure, they can have unintended consequences (e.g., denying legitimate email) if you make mistakes.
As always, Coalition is here to help you on your way. Please reach out to us for additional information!
Resources: