Prior attempts at security have failed to solve email’s fundamental flaw—anyone can send email using someone else’s identity. This flaw has put the power of the world’s most admired brands in the hands of cybercriminals. Through email, criminals can use almost any brand or email domain to send spam, phishing emails, and malware installs, inflicting direct losses to customers and eroding the brand equity companies have spent years building.
Many of the most respected brands in the world, including Facebook, Apple, JPMorgan Chase, and PayPal have adopted DMARC to protect their customers and their brand.
Using DMARC, companies gain unprecedented visibility into legitimate and fraudulent mail sent using their domain names. The magic of DMARC is the ability to understand all the different mail streams being sent claiming to be from you—third parties, business units, and threat actors. The overall impact to companies that have adopted DMARC is preservation of brand equity, elimination of customer support costs related to email fraud, and renewed trust and engagement in the company’s email channel.
DMARC—an open standard enabled on 70% of the world’s inboxes—is the only solution that enables Internet-scale email protection and prevents fraudulent use of legitimate brands for email cyberattacks.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an open email standard published in 2012 by the industry consortium DMARC.org to protect the email channel. DMARC extends previously established authentication standards for email and is the only way for email senders to tell email receivers that the emails they are sending are truly from them. DMARC allows companies that send email to:
When you set a DMARC policy for your organization, you as an email sender are indicating that your messages are protected. The policy tells a receiver what to do if one of the authentication methods in DMARC passes or fails.
How it Works
When emails are received by the mailbox provider, the receiver checks if DMARC has been activated for your domain.