DMARC, if you haven’t heard of it, is a new standard to help fight spam across the web. It was developed in collaboration by companies including Google, Yahoo, Apple, Microsoft and others. Eventually, it may lead to the end of most forms of spam as we currently know it.
The protocol used to send emails is very text-based, which makes it quite easy to spoof details of where email originated, and pretend that an email is coming from, say, Paypal, when really it’s a spammer or even scammer trying to steal your information.
How DMARC combats this is it reports to the controller of the domain any email that is being sent by any domain. This report is sent back to the controller of the domain to see who is spoofing email from their domain name. After awhile you go into “Reject” mode, meaning that email providers like Hotmail will see an email address from your domain that isn’t explicitly allowed using the DMARC policy of that domain, and it will be marked as spam.
This is an excellent policy that we think will yield some major dividends for users of email (i.e. everyone over time). It is still in the early days of DMARC but it will likely be a lot more effective then the formats that preceded it like SPF. Having said that when you setup the email policy for your company you should implement SPF, DKIM as well as DMARC.
