top of page

DMARC Email Authentication

American government agencies are currently rushing to meet the January 15, 2018 deadline for implementing the DMARC protocol. DMARC stands for Domain Message Authentication, Reporting and Conformance. It's a security protocol that allows for reporting between email receivers and senders in order to discourage spoofing - sending fraudulent emails which appear to come from a legitimate domain as means of facilitating spam and phishing.

DMARC was developed in the private sphere and came into widespread use in 2012. The authentication process allows a receiver to check if a message comports with what is knows about a sender. The owner of a domain uses either a DomainKey Identified Mail (DKIM) or Sender Policy Framework (SPF) mechanism. The receiver must confirm that the header of a new message aligns using DKIM or SPF with authenticated domain names.

You can confirm with if a domain is using DMARC on this site. It will determine if the domain has a DMARC policy in place:

. . . and also provide an overall DMARC score.

bottom of page