Glossary

DMARC Authentication

What is DMARC authentication?

DMARC authentication (Domain Message Authentication Reporting and Conformance) is a relatively new authentication standard that was established to block domain spoofing, in which an attacker uses your company's domain to impersonate someone working for the company.

DMARC includes two main components:

  1. Reporting

    First, DMARC-enabled mail systems generate reports on all systems being used to send email from your domain. A DMARC reporting solution can help you both to set up a DMARC subdomain on your DNS record, and analyze these reports to determine which email senders are legitimate, and which appear illegitimate. You can then use these insights to configure the email authentication policies (DKIM and SPF) on all of your mail systems so that legitimate senders are recognized as such.

  2. Screening

    Second, after you are confident that your legitimate mail systems correctly pass DMARC authentication, DMARC’s enforcement capability provides a mechanism to automatically reject emails that are not sent from your legitimate mail systems. This effectively prevents an attacker from spoofing your domain.

Why DMARC authentication is important

More than ninety-six percent of businesses have experienced domain spoofing, intended either to trick company employees, customers, or partners into sending sensitive information or transferring funds. Attackers may also spoof your domain in order to launch spam campaigns.

DMARC authentication can help prevent all forms of domain spoofing. It is required for all US government agencies and contractors, and a growing number of countries, including the United Kingdom and Germany [ADD LINKS], have made it mandatory for all public institutions.

What you can do

User training can help reduce your organization’s vulnerability to domain spoofing, but DMARC adds a strong layer of defense to keep domain-spoofing attempts from ever hitting your inboxes.

Barracuda Sentinel is a 100% cloud-delivered service that provides a comprehensive and intuitive solution for DMARC authentication. It gives you a simple three-step wizard to set up your DMARC record, and provides continuous visualization and monitoring of both legitimate email systems and domain-spoofing attempts. Barracuda Sentinel lets you drill down into specific mail systems, and even into specific email samples. This gives you visibility into all the mail systems in use in your organization, and helps you understand where domain-spoofing attacks are coming from.

Sentinel also provides automated user training to help staff get better at spotting and rejecting phony emails used for domain-spoofing, CEO fraud, phishing, or spear phishing.

Learn More

Contact us now to learn more about Barracuda Sentinel and sign up for a free DMARC evaluation.