Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It can be used to defend against certain types of email attacks, including phishing and email spam. In these types of attacks, the email sender's address is forged, but the email itself appears to be legitimate. DMARC attempts to counter the illegitimate usage of the exact domain name in the From: field of email message headers.
A DMARC policy allows a sender's domain to indicate that their emails are protected by Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) or both. The DMARC policy instructs receivers as to what to do if neither of those authentication methods passes (for example, rejecting the message). DMARC makes explicit how to handle these types of failed messages. DMARC policies are published in the public Domain Name System (DNS).
To ensure the sender trusts this process, receivers send daily aggregate reports indicating how many emails have been received and if these emails passed SPF, DKIM, or both and were aligned. The sender can examine any failed IP addresses and identify the domains responsible for distributing fraudulent email.
To configure DMARC on your domain, complete the following steps:
- Login to the Barracuda Sentinel dashboard at https://sentinel.barracudanetworks.com/signin.
- Click the menu button at the top left of the dashboard and select Domain Fraud.
- Click Set Up and follow the instructions. You begin by checking that your SPF record is valid. Click CHECK MY SPF.
- If your SPF record is valid, you can move on by clicking CONFIGURE DMARC.
If you need to configure your SPF record, follow the instructions.
- Configure your DMARC record. Once you have updated your DNS record, wait a few minutes and then confirm the DNS update by clicking CHECK MY DMARC.
- Repeat this step for all the domains you want to protect with DMARC.