DMARC improves email authentication by building upon SPF and DKIM in a few key ways:
- Alignment check: DMARC requires the domain in the “From:” header of the email to align with either the domain that passed SPF (the envelope sender domain) or the DKIM signing domain. This prevents attackers from using your domain name in the “From:” field while using a different domain of their own that passes SPF/DKIM.
- Reporting: DMARC provides a reporting mechanism where receivers send feedback reports to the domain owner about messages claiming to be from their domain. This allows the owner to monitor for abuse and see how effective their SPF/DKIM implementation is.
- Policy enforcement: DMARC lets domain owners publish a policy in DNS specifying how receivers should handle messages that fail authentication (quarantine, reject, or just monitor). This allows a gradual rollout from monitoring to enforcement.
- Subdomain control: DMARC policies can be applied to subdomains, allowing owners to control authentication for things like marketing campaigns or partner domains that use their base domain.
- Aggregate and forensic reports: DMARC provides two types of reports – aggregate reports on overall volume and authentication results, and forensic “failure” reports with full message details to help debug issues.
So in summary, DMARC adds critical alignment checking, reporting, policy control, and subdomain support on top of the authentication provided by SPF and DKIM alone. This allows domain owners to more effectively prevent abuse of their domain in phishing attacks.
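To make the alignment and policy points above concrete, here is an added example (not code from the original page) of a minimal DMARC evaluator: it parses a DMARC TXT record, applies relaxed or strict identifier alignment between the “From:” domain and the SPF/DKIM domains, and returns the disposition a receiver would apply. The sample record and messages are constructed, and the organizational-domain logic is a simplification (last two labels) standing in for a Public Suffix List lookup.

```python
"""Minimal DMARC policy evaluator: parse a DMARC record, apply SPF/DKIM
identifier alignment (relaxed or strict), and return the disposition.
Added example, not code from the original page."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class DmarcRecord:
    policy: str            # p=  : none | quarantine | reject
    subdomain_policy: str  # sp= : policy for subdomains, defaults to p
    adkim: str             # adkim= : r (relaxed) or s (strict)
    aspf: str              # aspf=  : r (relaxed) or s (strict)
    rua: Optional[str]     # rua= : where aggregate reports are sent


def parse_dmarc(txt: str) -> DmarcRecord:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC1 record with a p= tag")
    return DmarcRecord(
        policy=tags["p"].lower(),
        subdomain_policy=tags.get("sp", tags["p"]).lower(),
        adkim=tags.get("adkim", "r").lower(),
        aspf=tags.get("aspf", "r").lower(),
        rua=tags.get("rua"),
    )


def org_domain(domain: str) -> str:
    """Organizational domain. Simplified here to the last two labels; a real
    implementation consults the Public Suffix List (e.g. for co.uk)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Relaxed ('r'): same organizational domain. Strict ('s'): exact match."""
    if not auth_domain:
        return False
    f, a = from_domain.lower().strip("."), auth_domain.lower().strip(".")
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


def evaluate(record: DmarcRecord, from_domain: str,
             spf_domain: Optional[str] = None, spf_pass: bool = False,
             dkim_domain: Optional[str] = None, dkim_pass: bool = False) -> dict:
    """Return the DMARC result and disposition for one message.
    Assumes `record` was published at the organizational domain of
    `from_domain`, so sp= applies when the From domain is a subdomain."""
    spf_aligned = spf_pass and is_aligned(from_domain, spf_domain, record.aspf)
    dkim_aligned = dkim_pass and is_aligned(from_domain, dkim_domain, record.adkim)
    passed = spf_aligned or dkim_aligned
    is_subdomain = from_domain.lower().strip(".") != org_domain(from_domain)
    applicable = record.subdomain_policy if is_subdomain else record.policy
    return {
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if passed else "fail",
        "disposition": "none" if passed else applicable,
    }


# Constructed record for demonstration (not real DNS data).
SAMPLE_RECORD = ("v=DMARC1; p=reject; sp=none; adkim=s; aspf=r; "
                 "rua=mailto:dmarc-reports@example.com")

if __name__ == "__main__":
    rec = parse_dmarc(SAMPLE_RECORD)
    # Legitimate mail: SPF passes for mail.example.com; relaxed aspf aligns it
    # with a From: domain of example.com.
    print(evaluate(rec, "example.com", spf_domain="mail.example.com", spf_pass=True))
    # Forged From: header: SPF and DKIM both pass, but for an unrelated domain,
    # so neither identifier aligns and p=reject applies.
    print(evaluate(rec, "example.com",
                   spf_domain="bulk-sender.example", spf_pass=True,
                   dkim_domain="bulk-sender.example", dkim_pass=True))
```

The second call illustrates the point of the alignment check: a message can pass SPF and DKIM for the sending infrastructure's own domain and still fail DMARC because neither domain matches the one shown to the recipient. With `adkim=s`, a DKIM signature from `mail.example.com` would also fail to align with a From: of `example.com`, which is why strict mode is usually reserved for domains whose signing domain exactly matches the header domain.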