DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol defined in RFC 7489 that builds upon SPF and DKIM to provide protection against email spoofing and phishing attacks.

What are RUA and RUF reports?

RUA (Aggregate Reports) provide daily summaries of email authentication results, while RUF (Forensic Reports) provide real-time failure reports with message samples when DMARC authentication fails.

How does DMARC prevent phishing?

DMARC prevents phishing by authenticating email messages using SPF and DKIM, then applying policy actions (none, quarantine, or reject) to messages that fail authentication, preventing spoofed emails from reaching recipients.

Back to home

DMARC Shield

Documentation

Complete guide to email authentication and DMARC implementation

Quick Navigation

What is DMARC?SPF & DKIM Email Threats Setup Guide Authentication Flow Benefits

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds upon SPF and DKIM to provide a comprehensive defense against email spoofing and phishing attacks.

Key DMARC Capabilities:

Policy Enforcement: Define what happens to emails that fail authentication
Visibility & Reporting: Receive detailed reports about email usage of your domain
Alignment Checking: Ensure SPF and DKIM align with the From: header
Gradual Deployment: Implement policies progressively to avoid email disruption

Why DMARC is Essential

Without DMARC:

Attackers can easily spoof your domain
No visibility into unauthorized email usage
Brand reputation damage from phishing
Customer trust erosion

With DMARC:

Block unauthorized use of your domain
Detailed reporting on all email activity
Protect brand reputation and customer trust
Improve email deliverability

Understanding SPF and DKIM

SPF (Sender Policy Framework)

SPF allows domain owners to specify which IP addresses are authorized to send email on behalf of their domain.

Example SPF Record:

v=spf1 include:_spf.google.com include:mailgun.org ~all

Breakdown:

v=spf1 - SPF version 1
include:_spf.google.com - Allow Google's mail servers
include:mailgun.org - Allow Mailgun's servers
~all - Soft fail for all other servers

DKIM (DomainKeys Identified Mail)

DKIM uses cryptographic signatures to verify that emails haven't been tampered with and are actually from the claimed domain.

Example DKIM Record:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

Key Components:

v=DKIM1 - DKIM version
k=rsa - Key algorithm (RSA)
p=... - Public key data

Understanding Email Threats

Phishing

Fraudulent emails designed to steal sensitive information like passwords, credit card numbers, or personal data.

Example Phishing Attack:

From: security@yourbank.com (spoofed)

Subject: Urgent: Account Security Alert

Message: "Your account has been compromised. Click here to verify your credentials immediately."

Goal: Steal login credentials through fake login page

Email Spoofing

Sending emails with a forged sender address to make it appear as if the email came from someone else.

Example Spoofing Attack:

Real Domain: yourcompany.com

Spoofed From: ceo@yourcompany.com

Actual Source: Malicious server (not yourcompany.com)

Message: "Please process this urgent wire transfer to vendor..."

Goal: Business Email Compromise (BEC) - financial fraud

DMARC Authentication Flow

Here's how DMARC authentication works when someone receives an email claiming to be from your domain:

Authentication Process

Email Received

Recipient's mail server receives email claiming to be from your domain

SPF Check

Server checks if sending IP is authorized in your SPF record

DKIM Verification

Server verifies DKIM signature using your public key

DMARC Policy Check

Server looks up your DMARC policy and checks alignment

Action Taken

Server applies your policy: none, quarantine, or reject

Visual Authentication Flow

Email Sent

From: user@yourcompany.com

Authentication

SPF + DKIM + DMARC

Delivered

Authentication passed

Step-by-Step Setup Guide

1Add Your Domain to DMARC Shield

Start by adding your domain to our platform:

Sign up for your free DMARC Shield account
Click "Add Domain" in your dashboard
Enter your domain name (e.g., yourcompany.com)
Verify domain ownership via DNS TXT record

2Configure SPF Record

Set up SPF to authorize your email servers:

Add this TXT record to your DNS:

Type: TXT

Name: @ (or your domain)

Value:

v=spf1 include:_spf.google.com ~all

Note: Replace "_spf.google.com" with your email provider's SPF include. Common providers: Google Workspace, Microsoft 365, Mailgun, SendGrid.

3Set Up DKIM Signing

Enable DKIM through your email service provider:

Google Workspace

Go to Admin Console
Apps → Google Workspace → Gmail
Select "Authenticate email"
Generate DKIM key
Add provided TXT record to DNS

Microsoft 365

Go to Security & Compliance Center
Threat Management → Policy
Select "DKIM"
Enable DKIM for your domain
Add CNAME records to DNS

4Implement DMARC Policy

Create your DMARC policy with reporting:

Basic DMARC Record (Start with this):

Add this TXT record:

Type: TXT

Name: _dmarc

Value:

v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.com

Advanced DMARC Record (After testing):

Full-featured DMARC:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourcompany.com; ruf=mailto:dmarc-forensic@yourcompany.com; fo=1; adkim=s; aspf=s; pct=100

Understanding RUA and RUF Reports

RUA (Aggregate Reports)

Daily summary reports showing authentication results for all emails from your domain.

Example RUA Configuration:

rua=mailto:dmarc-reports@yourcompany.com

Contains:

Volume of emails sent
Authentication results (SPF/DKIM pass/fail)
Source IP addresses
Sending servers
Policy compliance rates

RUF (Forensic Reports)

Real-time failure reports with message samples when authentication fails.

Example RUF Configuration:

ruf=mailto:dmarc-forensic@yourcompany.com

Contains:

Full message headers
Authentication failure details
Source information
Timestamp of failure
Reason for failure

Sample DMARC Report Data

<record>
  <row>
    <source_ip>203.0.113.1</source_ip>
    <count>1250</count>
    <policy_evaluated>
      <disposition>none</disposition>
      <dkim>pass</dkim>
      <spf>pass</spf>
    </policy_evaluated>
  </row>
  <identifiers>
    <header_from>yourcompany.com</header_from>
  </identifiers>
  <auth_results>
    <dkim>
      <domain>yourcompany.com</domain>
      <result>pass</result>
    </dkim>
    <spf>
      <domain>yourcompany.com</domain>
      <result>pass</result>
    </spf>
  </auth_results>
</record>

Benefits of DMARC Shield

Complete Visibility

• See all email sources using your domain
• Identify unauthorized senders
• Monitor authentication compliance
• Track email volume and patterns

Advanced Protection

• Block email spoofing and phishing
• Protect brand reputation
• Prevent BEC attacks
• Improve email deliverability

Threat Intelligence

• Real-time IP reputation analysis
• Automated threat classification
• Global threat intelligence feeds
• Predictive threat detection

Easy Implementation

• Step-by-step setup wizard
• Gradual policy deployment
• DNS record generation
• Expert support included

Real-time Alerts

• Instant threat notifications
• Policy violation alerts
• Suspicious activity warnings
• Custom alert rules

Enterprise Features

• Multi-domain management
• Role-based access control
• API integration
• Compliance reporting

Ready to Protect Your Domain?

Start your free 7-day trial and implement enterprise-grade email security in minutes.