credits: https://kdmarc.com/blog/why-are-spf-and-dkim-not-enough-for-securing-your-emails/
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol intended to give domain owners the ability to protect their domain from any activity they have not sanctioned. The intention behind implementing the policy is to protect your email domain from BEC attacks, scams, phishing emails and other threat activity. According to statistics quoted in a blog by retruster.com, the FBI has stated that over $12 million was lost just in recovering organizations from BEC scams.
Spammers can forge the “From” address on messages, so the spam appears to originate from a user in your own domain. A real-world example is PayPal spoofing, where a spammer sends you a fraudulent email claiming to be PayPal in an attempt to obtain your account details. DMARC ensures these fraudulent messages are blocked before you even see them in your inbox. DMARC also gives you excellent visibility and reporting into who is sending email on behalf of your domain, ensuring that only legitimate email is received.
How does DMARC work?
DMARC is the email authentication protocol, while DKIM and SPF are the mechanisms designed to detect forged sender email addresses, a technique commonly used in phishing and email spoofing.
DKIM
DKIM uses public-key cryptography to verify that the email was not tampered with in transit. The authentication protocol also helps improve brand reputation.
DKIM makes domain-based blacklists and whitelists more effective by allowing the signing domain to reliably identify its stream of genuine emails.
SPF
SPF is an authorization protocol through which a receiver can verify whether a message claiming to come from a domain was sent from an IP address authorized by that domain.
This mechanism plays a significant role in deciding who is authorized to send emails on behalf of your domain. For ISPs, SPF is a way to confirm that a mail server is authorized to send email for a domain.
Through Gmail’s “Show original” feature, you can see the SPF and DKIM results in an email’s headers.
With SPF and DKIM alone, it is up to the ISP to decide how to handle the results. DMARC takes this a step further and gives you full control to set a policy to reject or quarantine messages from sources you don’t recognise or trust, all based on the results and alignment of DKIM and SPF. For example, PayPal, being a huge target for email fraud, publishes a DMARC record that says: if DKIM or SPF fails, reject the message. Participating ISPs will look at this policy and discard the messages that fail. Through this method DMARC helped PayPal stop an estimated 25 million attacks.
Like SPF and DKIM, this policy resides in DNS.
What about these reports?
ISPs that support DMARC will also generate reports detailing the sending activity for your domain. The reports are XML documents emailed to the address specified in your DMARC record. They record whether messages passed or failed SPF and DKIM, along with the originating source (domain/IP). DMARC thereby gives you control over your domain’s email security, as well as insight into who is sending mail on behalf of your domain and, if they are, whether those messages pass SPF and DKIM.
The drawback of these reports is that you need to sift through an XML document to read them.
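As an added example (not code from the original post or from KDMARC), the following Python script parses a constructed DMARC aggregate report in the RFC 7489 XML format and lists the sending sources that failed DMARC. The sample report, the domain names and the IP addresses in it are all constructed for illustration.

```python
# Added example (not from the original post): parse a DMARC aggregate ("rua")
# report in the RFC 7489 XML format and summarise which sources pass DMARC.
import xml.etree.ElementTree as ET  # reports come from third parties; use defusedxml in production

# Constructed sample report: one legitimate source and one spoofing source whose
# SPF passes for its own domain but is not aligned with the header From domain.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>example-isp.example</org_name><report_id>r1</report_id></report_metadata>
  <policy_published><domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p><pct>100</pct></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>attacker.example</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>"""

def summarize_report(xml_text):
    """Return (policy, rows); DMARC passes a row when either aligned check passes."""
    root = ET.fromstring(xml_text)
    pub = root.find("policy_published")
    policy = {"domain": pub.findtext("domain"), "p": pub.findtext("p")}
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")  # receiver's aligned DKIM/SPF verdicts
        dkim, spf = pe.findtext("dkim"), pe.findtext("spf")
        rows.append({"source": row.findtext("source_ip"), "count": int(row.findtext("count")),
                     "dkim": dkim, "spf": spf, "dmarc_pass": dkim == "pass" or spf == "pass",
                     "disposition": pe.findtext("disposition"),
                     "header_from": rec.findtext("identifiers/header_from")})
    return policy, rows

def failing_sources(rows):
    """(source_ip, count) for sources that failed DMARC, largest first: spoofing candidates."""
    return sorted(((r["source"], r["count"]) for r in rows if not r["dmarc_pass"]), key=lambda t: -t[1])

if __name__ == "__main__":
    policy, rows = summarize_report(SAMPLE_REPORT)
    print(policy, failing_sources(rows))
```

Note that the second source passes raw SPF for its own domain, yet fails DMARC because that domain is not aligned with the header From domain; the receiver's `policy_evaluated` verdicts are what matter.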
How can KDMARC help?
Kratikal’s email security solution KDMARC helps you create and monitor your DMARC records. By detecting and defending your emails against spoofing, the tool boosts your email engagement rates. KDMARC gives you full insight into your email channel. In addition, KDMARC converts your reports from XML into a graphical format, making them easier for everyone to read and understand.