Blog - Archives

In our striving to make Zerospam an always better service and our constant fight against spam, we recently integrated the DMARC technology to our email security solution.

Like SPF, DMARC is a free declaration in your DNS zone and it will increase your email security, preventing phishing attacks and email spoofing of your domain for you and your contacts.

DMARC (Domain-based Message Authentication Reporting and Conformance) is the perfect SPF complement. When SPF works at the envelope from level, DMARC works at the content-from level.

When a DMARC record is published, we check if one of these two conditions is met:
1. The content from address and the envelope address (return-path) are the same
2. The message contains a valid DKIM signature

A DKIM signature is a cryptographic key that proves that you have authorized the sending of a specific message. It works together with DMARC. Very useful if you use a third party for your marketing campaign: you will want to collaborate with these third parties to publish a DKIM key so your recipient know that you have authorized the sending of this email on your behalf.

Here is an example of a spam that SPF alone would not detect but DMARC would catch: let’s say you are receiving an email supposed to be coming from your contact but is actually coming from a spammer. The spammer is using a different domain to send at the envelope level so your SPF record will not help you. Since we check the DMARC record, we will check if there is a DKIM signature and since the spammer cannot forge it, we will see that there is no valid DKIM signature. Since neither of the conditions are satisfied, we will believe that the email might be a spoof and will quarantine it.

DMARC is very efficient against the dreaded CEO Fraud, it is an easy thing to set up and we can help if you do it if you need to.

Be safe, publish a DMARC record now!