DNS-Based Defense: DMARC
Explore how DMARC enhances email security by working with SPF and DKIM to validate messages. Understand policy options like quarantine and reject, and learn how DMARC reporting helps identify and troubleshoot forged email sources, improving your organization's phishing defense strategy.
We'll cover the following...
Introduction #
DMARC, or Domain-Based Message Authentication, Reporting, and Conformance is another DNS-based email tool. It’s built on top of SPF and DKIM and has two main uses. First, it can be used to help troubleshoot complex SPF and/or DKIM rules. Second, it can be used to collect forged emails for later analysis. Let’s take a look at the DMARC records in use for punkgrok.org. We do this by looking at the TXT DNS records for _dmarc.punkgrok.org, as follows:
The output should be similar to the following:
; <<>> DiG 9.8.3-P1 <<>> _dmarc.punkgrok.org txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16424
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_dmarc.punkgrok.org. IN TXT
;; ANSWER