DMARC – Protect Email from Fraud Use and Blocks

Without DMARC security settings against your Internet domain;

  1.  someone can send emails as YOU.
  2. your legitimate emails sent to legitimate desinations can be blocked.  In short, you appear to be the fraudster.

In #1 Your customer got an email from your office (stacy@yourcompany.com) to wire funds. One of three things happened.

  • Stacy sent it.
  • Stacy’s PC apparently got a virus and auto sent the email.
  • Stacy is vacation and her computer is off. Some criminal spoofed stacy@yourcompany.com. (the likely scenario)

In #2 your email bounced back with an error messsage have the words “unauthenticated, blocked, SPF, DKIM, security risk”

The DMARC Spec

Domain-based Message Authentication Reporting and Conformance (DMARC) settings tells receivers of emails with your domain name how to run a valid security check. Your IT guy adds the following TXT records to your domain name.

  • SPF lists valid email senders by IP address such as the IP address of your email server or range of IP addresses of your mass email marketing service.
  • DKIM is an email security setting much like a code word “so and so sent me and the code word is xxx”
  • DMARC tells a receiver what to do if those authentication methods fail. Choices are
    • None = do nothing but tell someone that it happened such as the DMARC report collection service we use
    • Quarantine = send the email to a spam folder
    • Reject = reject the email.

In short, DMARC protects your email brand.  Take this test. You will find our record and that of many respected companies are “all green”

Many IT consultants don’t establish Dmarc records for themselves nor for their customers

First lookup at our fully secure and properly setup (aggressive setting of reject) Dmarc record. We use a popular industry tool not at all connected with Infotel Systems.

https://mxtoolbox.com/SuperTool.aspx?action=dmarc:infotelsystems.com

infotelsystems.com gets all green check marks.

So do the “FANG” technology companies  facebook.com, amazon.com, apple.com, netlfix.com, microsoft.com, google.com. So do the popular email domains yahoo.com and aol.com.

gmail.com and hotmail.com have not yet adopted.

Other DMARC information resources

https://www.nist.gov/publications/email-authentication-mechanisms-dmarc-spf-and-dkim
https://dmarc.org
https://dmarcian.com