- Reporting: DMARC-participating receivers agree to provide email authentication reports to sending domains. This allows the owners of these sending domains to understand the current state of email authentication for their domain, see legitimate services that may not be properly authenticating, and identify sources of domain abuse.
- Policy: With DMARC, sending domains can recommend how a receiver should treat an email that fails authentication, rather than leaving it to the discretion of the receiver. This allows sending domains to authenticate all sources of legitimate email over time, rather than requiring domain owners to fix all authentication issues immediately. A report-only policy of ‘p=none’ can be useful during this investigation phase, but domain owners should strive to reach an enforcement level of ‘p=quarantine’ or ‘p=reject’.
- Identity Alignment: There are multiple sources of identity in an email message (including the From address, DKIM signature identity, and Return-Path address). DMARC prioritizes the human-readable From address as a source of identity, and only considers authentication results for identities that are aligned with this From address. SPF and DKIM use different sources of identity, and so the authentication they provide will only prevent fraud if their source of identity matches the human-readable From address in some way.
73 Ocean Street, New South Wales 2000, SYDNEY
Contact Person: Callum S Ansell
P: (02) 8252 5319