January 2022

    Definition and structure of DMARC record.

     As an online business owner, you know that a positive reputation and your clients’ trust are significant values that take time and effort to build, so they must be protected. For cybercriminals, they are a means to kill two birds with one stone! They approach your clients while spoofing your business image to make illegal profits from them.

    DMARC record definition.

    DMARC or Domain-based Message Authentication, Reporting, and Conformance record is a mechanism to let e-mail senders and recipients identify if an e-mail is truly coming from the sender it claims to be. DMARC also helps to define the actions to take when the e-mail gets authenticated and when it fails the authentication.

    Once you set it up, it tells the recipient server to reject the e-mail, quarantine it, or allow its delivery. Besides, DMARC sends two kinds of reports, RUA (aggregated reports) and RUF (forensic reports), to give you total visibility into your e-mail traffic.

    RUA reports tell you which IP addresses have tried to send a message to a recipient using your domain name. They also include an e-mail traffic overview. RUF reports are only sent in case of failures. They supply the original message and its headers.

    DMARC record structure.

    A DMARC record is published as a DNS TXT record, and it has the following structure: a specific domain name, tags, and their corresponding values to tell the recipient’s mail server what to do.

    Example:

    “v=DMARC1; p=quarantine; rua=mailto:dmarc@exampledomain.com”

    The tags are: “v”, indicating the DMARC version; “p”, meaning the policy; and “rua”, the e-mail address where you want to receive the aggregate reports.

    DMARC record’s available tags and values.

    • Version, “v”. The first and obligatory tag to have. It states the version of the protocol: valid value, DMARC1.
    • Percentage, “pct”. It expresses the percentage of messages to be filtered. “pct=50” means half of your company’s messages will be filtered by the recipient. Valid values, from 0 to 100.
    • Subdomain policy, “sp”. It expresses the requested handling policy for subdomains.
    • Report format, “rf”. It declares a forensic reporting format or formats. Valid values, “afrf” (auth-failure report type), “arf” (abuse reporting format).
    • Report interval, “ri”. It sets the interval between aggregate reports, so DMARC feedback is supplied for the defined period. The most used value is a daily report.
    • ADKIM, “adkim”. This is the alignment mode for the DKIM protocol. Valid values, relaxed mode, “r” and strict mode, “s”.
    • ASPF, “aspf”. This is the alignment mode for SPF. Valid values, relaxed mode, “r” and strict mode, “s”.
    • Policy, “p”. It tells the recipient server what to do—reporting, quarantining, or rejecting e-mails that fail the authentication process. Valid values are “none” (no specific action to be executed), “quarantine”, or “reject” the e-mail.
    • Failure reporting options, “fo”. It supplies options for generating failure reports. Valid values: “0”, generate a DMARC report if all authentication mechanisms fail to produce an aligned “pass” result. “1”, generate a DMARC report if there’s something different than an aligned “pass” result. “d”, generate a DKIM report if the e-mail’s signature failed the check. “s”, generate an SPF report if the e-mail failed the SPF check.
    • Report e-mail address or addresses, “ruf”. It lists the address or addresses to which forensic reports are sent. Valid value, the e-mail address of the domain’s administrator.
    • Report e-mail address or addresses, “rua”. It lists the URI or URIs to which aggregate reports are sent. Valid value, the e-mail address of the domain’s administrator.
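
    The tag list above can be turned into a quick check of a record before you publish it. The following Python is an added example, not part of the original article: it parses a DMARC TXT value and reports invalid values as well as valid-but-weak settings. The function names are assumptions, and it accepts only mailto: addresses for “rua” and “ruf”.

```python
VALID = {  # tags with a fixed set of values, as listed above
    "p": {"none", "quarantine", "reject"},
    "sp": {"none", "quarantine", "reject"},
    "adkim": {"r", "s"},
    "aspf": {"r", "s"},
}
KNOWN = set(VALID) | {"v", "pct", "rf", "ri", "fo", "rua", "ruf"}

def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.strip().strip('"').split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def audit_dmarc(txt):
    """Return a list of findings; an empty list means nothing to report."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    if "p" not in tags:
        findings.append("missing required policy tag p")
    for tag, value in pairs:
        if tag not in KNOWN:
            findings.append(f"unknown tag {tag}")
        elif tag in VALID and value.lower() not in VALID[tag]:
            findings.append(f"invalid value for {tag}: {value}")
        elif tag in ("pct", "ri") and not value.isdecimal():
            findings.append(f"{tag} must be a non-negative integer")
        elif tag == "pct" and int(value) > 100:
            findings.append("pct must be between 0 and 100")
        elif tag == "fo" and not set(value.lower().split(":")) <= {"0", "1", "d", "s"}:
            findings.append(f"invalid value for fo: {value}")
        elif tag in ("rua", "ruf") and not all(
                u.strip().lower().startswith("mailto:") and "@" in u for u in value.split(",")):
            findings.append(f"{tag} must list mailto: addresses")
    # Settings that are valid but leave the domain weakly protected or unmonitored.
    if tags.get("p", "").lower() == "none":
        findings.append("p=none: failing mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdecimal() and int(pct) < 100:
        findings.append("pct below 100: policy applies to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua: you will receive no aggregate reports")
    return findings
```

    Run on the article's example record, audit_dmarc returns an empty list; a record with “p=none” and no “rua” returns one finding for each weakness.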

    Conclusion.

    The DNS DMARC record is an efficient mechanism for making e-mail safer! Enable a DMARC record to protect your business and clients right now!