How does DMARC work?

DMARC combines two existing technologies to authenticate emails coming from your domain, which are SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail),both have been introduced and discussed in previous chapters. 

Given below is a diagram to illustrate the DMARC authentication process:

To Recap

When you implement SPF for your domain, you publish an SPF record to your DNS. When a receiver gets an email from your domain, it will compare the sender’s IP address with the list of authorized IPs stored in your SPF record. If the receiving server encounters an email from an IP, not in this list, the message will fail SPF.

Meanwhile, DKIM attaches a digital signature to authorized emails. When an unauthorized sender tries to send an email from your domain or tampers with your emails, the receiving server can detect this and stop the email from being delivered.

In order for a message to be DMARC-approved, it has to pass either SPF or DKIM authentication.

DMARC Authentication Process

Email without DMARC:

• An email is sent from business.com to receiver.com
• receiver.com’s Mail Transfer Agent (MTA) has no mechanism to authenticate the email sender (business.com)
• All emails sent from business.com are delivered to the recipient's inbox without being validated.
• If any of the emails from business.com were sent by an attacker impersonating them, these fraudulent emails have also been delivered to receiver.com.

Email with DMARC: 

• An email is sent from business.com to receiver.com
• receiver.com’s Mail Transfer Agent (MTA) looks up the SPF, DKIM, and DMARC records of business.com (on their DNS) to authenticate the sender
• If the sender is authenticated, the email is delivered to the recipient.