DMARC is an open email authentication method that builds on existing standards SPF and DKIM and enables domain-level protection of the email channel. It’s the first technology that can prevent spoofing of the header from: domain (what users see in their email client).  DMARC defines how the receiver should handle messages depending on the results of SPF and DKIM checks.  If SPF and DKIM are enabled, DMARC will handle messages as follows:



Decision Matrix of DMARC Policies


The DMARC decision matrix shows how DMARC handles messages in case of passed or failed DKIM and SPF checks.


DMARC Decision Matrix

SPF and DKIM Check
DMARC Result 
Result
SPF pass + DKIM pass
DMARC pass
Deliver
SPF pass + DKIM fail
DMARC fail
Quarantine
SPF fail + DKIM pass
DMARC fail
Quarantine
SPF fail + DKIM fail
DMARC fail
Quarantine

The table shows that only if both the SPF and DKIM checks have been passed, the DMARC result is

positive and the email will be delivered. Otherwise, the email will be quarantined.


Enabling DMARC Checking for inbound mail


To use DMARC it is necessary to activate SPF Type 2 and/or DKIM for the desired domain.

• Activate SPF Type 2

• Activate DKIM

 

Send an email with the subject Enable DMARC to support@everycloudtech.com and include the following details:

•  For which domains you want to activate DMARC Checking

•  Verify whether or not SPF and/or DKIM are activated for these domains


DMARC Reporting

 

EveryCloud doesn’t provide any DMARC reporting services at this time, but you can create a DMARC policy record for your domain.

DMARC policies are published in the DNS as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives. Here is an example of a basic DMARC policy record to start with:

v=DMARC1; p=none; fo=1; rua=mailto:someone@yourdomain.com;r uf=mailto:someone@yourdomain.com

 

 

Logging of inbound email filtered by DMARC


Emails detected by DMARC and found not to comply with the SPF and/or DKIM policies will be quarantined and displayed in the spam report and control panel.

These emails are displayed in the control panel with ase-dmarc as the reason.