Definition

DMARC consolidates SPF and DKIM into a policy that domain owners publish as a DNS TXT record. Receivers check inbound mail against the policy and apply the directive: p=none (monitor only), p=quarantine (send to spam), or p=reject (drop entirely). Combined with aggregate reporting, DMARC gives domain owners visibility into who is sending mail claiming to be from their domain - legitimate and fraudulent - and the tools to lock down the brand.

Most organizations sit at p=none for years. Moving to p=reject is the actual security benefit and is a 6-12 week project of authenticating every legitimate sender.

Symantec Email Security provides DMARC enforcement (on inbound) and analytics (for outbound hardening). See our DMARC playbook.
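As an added example (not Symantec's code and not part of the original page), the Python below audits the text of a published DMARC record and lists what separates it from full p=reject. It goes beyond the three p= values named above to the RFC 7489 tags sp, pct and rua; the function names, sample records and example.com addresses are constructed for illustration.

```python
# Added example: audit the text of a DMARC TXT record (tags per RFC 7489).
ACTIONS = {"none": "monitor only", "quarantine": "send to spam", "reject": "drop entirely"}
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(txt):
    """Return {tag: value}; raise ValueError for a record this audit rejects."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {part!r}")
        tags[name.strip().lower()] = value.strip()
    # The version tag must come first and is case-sensitive.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    # Strictness choice of this example: a missing or unknown p= is an error.
    if tags.get("p", "").lower() not in ACTIONS:
        raise ValueError("missing or invalid p= tag")
    return tags

def audit_dmarc(txt):
    """Summarize the published policy and list gaps short of full p=reject."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    sp = tags.get("sp", policy).lower()   # subdomain policy defaults to p=
    pct = int(tags.get("pct", "100"))     # share of failing mail the policy covers
    findings = []
    if policy == "none":
        findings.append("p=none is monitor only; failing mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends failing mail to spam; p=reject drops it")
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct} applies the policy to only part of failing mail")
    if STRENGTH.get(sp, 0) < STRENGTH[policy]:
        findings.append(f"sp={sp} leaves subdomains weaker than p={policy}")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")
    return {"policy": policy, "action": ACTIONS[policy],
            "full_reject": policy == "reject" and sp == "reject" and pct == 100,
            "findings": findings}

# Constructed sample records; the example.com addresses are placeholders.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", audit_dmarc(record))
```

The record text would normally come from a TXT lookup of `_dmarc.<domain>`; the lookup is left out so the example runs offline.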

Symantec products that implement this

  • Symantec Email Security.cloud - Cloud-based email protection with anti-phishing, BEC defense, attachment sandboxing, URL rewriting, impersonation detection, and email continuity.

Related terms

  • SPF (Sender Policy Framework) - Email authentication standard that lists authorized sending IPs / domains for a given sender domain via DNS TXT records.
  • DKIM (DomainKeys Identified Mail) - Email authentication using cryptographic signatures placed in headers by the sending mail server.
  • BEC (Business Email Compromise) - Email fraud where attackers impersonate executives or trusted partners to authorize fraudulent wire transfers or data disclosure.
  • Phishing - Social-engineering attacks that trick users into revealing credentials, clicking malicious links, or downloading malware.

Deep-dives on DMARC