Last updated: 
3 weeks 2 days ago
Blog Manager
I'm the Information Security Manager at Janet and through this blog I'll be sharing some of my experiences, ideas and thoughts on information security topics.

Group administrators:

Using DMARC for e-mail visibility

Friday, September 16, 2016 - 10:05

In anything other than the smallest organisations getting insight into how e-mail is being used can be difficult. Cloud based e-mail means that you no longer know technical details of even a trivial implementation, and colleagues can quickly setup SaaS services that send e-mail from your domains without involvement from IT.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an e-mail authentication framework that builds upon DKIM (Domain Keys Identified Message) and SPF (Sender Policy Framework). It instructs recipients of e-mail how to authenticate e-mail from your domain, and also provides a mechanism for recipients to report back on authentication successes and failures.

Even without authenticating e-mail (by setting DMARC policy of ‘none’), these reports can provide useful intelligence on what e-mail the world is seeing that claims to come from your domain. This could allow you to identify unexpected flows of e-mail, unauthorized SaaS platforms, and phishing campaigns using your domain.

By publishing a TXT record in your DNS at _dmarc.yourdomain.org of

v=DMARC1\; p=none\;rua=mailto:someaddress@yourdomain.org

you’ll start to receive XML DMARC reports (depending on the volume of e-mail your domain sends of course). Libraries are available in several languages for processing these reports and commercial tools such as dmarcian are also available.

More information on DMARC can be found on its website. The M3AAWG have published some useful training videos to help you implement DMARC.