Misconceptions of DMARC

1) DMARC is an enhanced spam filter

DMARC is a relatively new framework, first published in early 2012, whose primary purpose is to protect your domain from being impersonated in email. It introduces a new paradigm for 'email security': contrary to most people's perception, DMARC secures your outbound mail by authorizing your legitimate sending sources, rather than filtering your inbound mail. This shift in thinking is what leads many organizations to recognize the importance of implementing the DMARC framework.

2) Why implement DMARC if some receivers are not checking?

Many of us have wondered: if a receiver is not validating my DMARC record, they will still be vulnerable to attacks impersonating my domain, so DMARC is not stopping all spoofing of my domain.

You are correct here, BUT a better way to look at it is this: the fact that a receiver may or may not accept an email impersonating my domain, because they do not validate my DMARC record, does not mean that I should not implement DMARC to protect the domain that I own.

This way, even if someone tries to bring a court case against you, they will not succeed, because you have taken the correct measures to protect your domain, and it is their responsibility to enable DMARC checking on their inbound email traffic. This shifts the liability onto the email recipient.


3) DMARC will affect my legitimate email deliverability.

Even the simple DNS configuration of a DMARC record worries IT staff and email admins, because of the possible impact on the current email flow. This concern is addressed in our article ‘DMARC policies’.

The ‘none’ policy of DMARC is the monitoring mode, which has NO impact on email flow. The reason for applying this policy is to analyze the DMARC reports sent to you by your email recipients, without any impact on your emails.

These reports show where your emails originate from, the results of the SPF and DKIM authentication your recipients performed when validating your email, and the action they applied to those emails (delivered to the inbox, marked as spam, or rejected). Through these reports you get an overview of your outbound email.

4) Always configure DMARC alignment of SPF & DKIM to Strict!

We may think that it is ‘more secure’ to configure the strict alignment mode for SPF and DKIM, because the word ‘strict’ suggests a more solid, fortified state.

However, this is easily misinterpreted. For a better understanding, read our blog on DMARC alignment to learn its purpose and why relaxed mode is sometimes the better fit for your email infrastructure.
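To make points 3 and 4 concrete, the following added example (not code from the original article) evaluates a message against a DMARC record the way a receiver would: it parses the record, applies relaxed or strict alignment to the SPF and DKIM domains, and shows that under p=none a failing message is still delivered. The records, domains and authentication results are constructed sample values, and the organizational-domain logic is deliberately simplified (real receivers use the Public Suffix List).

```python
"""DMARC evaluation: relaxed vs strict alignment, and the effect of p=none."""

# Constructed sample records (assumptions, not from the article).
RELAXED_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRICT_RECORD = "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:dmarc@example.com"


def parse_dmarc(txt):
    """Parse a DMARC TXT record ("tag=value; ...") into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def organizational_domain(domain):
    """Simplified: keep the last two labels (real code uses the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organizational domain."""
    auth_domain, from_domain = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return auth_domain == from_domain
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate(record_txt, from_domain, spf_domain=None, spf_pass=False,
             dkim_domain=None, dkim_pass=False):
    """Return the DMARC verdict and the action a receiver honoring the policy would take."""
    tags = parse_dmarc(record_txt)
    aspf, adkim = tags.get("aspf", "r"), tags.get("adkim", "r")   # relaxed is the default
    spf_ok = bool(spf_pass and spf_domain and aligned(spf_domain, from_domain, aspf))
    dkim_ok = bool(dkim_pass and dkim_domain and aligned(dkim_domain, from_domain, adkim))
    dmarc_pass = spf_ok or dkim_ok                 # one aligned, passing mechanism is enough
    policy = tags.get("p", "none")
    # p=none is monitoring only: failing mail is delivered, and only a report is generated.
    action = "deliver" if dmarc_pass or policy == "none" else policy
    return {"pass": dmarc_pass, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "policy": policy, "action": action}
```

Run `evaluate(STRICT_RECORD, "example.com", spf_domain="mail.example.com", spf_pass=True)` to see SPF that passes but fails strict alignment, producing a reject that relaxed mode would have accepted.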