Cyber Security. 21.05.21

A closer look at how DMARC works

This blog is part two of three in our blog series on DMARC.

Now that you know the basics of Domain-Based Message Authentification Reporting and Conformance (DMARC), it's time to take a closer look at its workflow in email security, and the various components involved. The main goal of DMARC is to prevent your company's email domain from being used for email spoofing, phishing scams and other cybercrimes. 

The workflow of DMARC involves the receiving email gateway validating the SPF record of the sending domain and validating the DKIM signature of the sending domain.

The below figure shows standard DMARC architecture and email workflow. Every email sent will be associated with the email server IP Address and DKIM signature of the organisation.

DMARC Prcoess

Here is a breakdown of how the process of DMARC validation works

  • The receiving email server would decrypt the email and figure out the sender domain, senders email server address and senders DKIM signature in the Header.
  • The receiving email server would look for the SPF record of the sending email server domain and match the IP Address of the email server.
  • Once the IP address of the sending email server matches the SPF record, it would be tagged as SPF Complaint.
  • The email server then looks for the DKIM signature record of the sending email server domain.
  • The private key associated with the email is matched with the public key of the sending email server.
  • If the keys match, the receiving email server will tag the email as DKIM compliant.
  • The receiving email server would look into the DMARC complaint policy and take action accordingly.
  • If the DMARC complaint policy is rejected and the SPF/DKIM is not compliant, then the email would be rejected by the receiving email server.
  • If the DMARC compliant policy is quarantine and the SPF/DKIM is not compliant with the receiving email, it would be quarantined by the receiving email gateway.
  • If the DMARC compliant policy is none, no action is taken by the receiving email gateway and the email is delivered to the recipient.

DMARC is a powerful tool when implemented correctly and plays a crucial role in mitigating most of the cybercrime happening in the email security world. Read the next blog in our series to learn how to master email security with DMARC.


If you liked this article, you may also like:

Red Teaming: getting down to basics

Red Teaming and the origins of anonymous hacking

What do you do after a data breach

Author

Kingshuk Sinha