DMARC is a very short acronym for a very long security protocol name: Domain-based Message Authentication, Reporting, and Conformance. It’s a system that verifies if email messages are actually being sent from the addresses they claim they are.
Have you ever heard of “spoofing?” A spoofed email address looks real when a message is received, but it’s just a disguise, coming from an illegitimate sender, that has tricked your mail server. Messages like this are often used for sending people malware or tricking them into providing personal, account, or banking information, called “phishing.”
Email providers and other Internet organizations set up DMARC for their domains to protect as many people as possible from impersonators like this.
There are three main components that work together to verify if an email has been sent legitimately and hasn’t been hijacked:
DMARC Record
A simple DNS record that gives instructions on what should happen when a mail server finds that an incoming message is not authentic, such as quarantining it as spam, rejecting it entirely, or allowing it to come through anyway.
SPF Record
SPF stands for Sender Policy Framework. It’s also a DNS record, but a bit more complicated. They contain lists of trusted IP addresses and approved email vendors that are allowed to send emails from their domain. When an incoming message is received by a mail server, that server will do a DNS lookup to find the sender domain’s SPF record to make sure the email matches what is approved in their lists. If it doesn't, then it is automatically rejected.
DKIM
DKIM stands for DomainKeys Identified Mail. It basically signs each email digitally, proving that it was actually sent from your domain and wasn’t changed while in transit.
Do I Need To Set Up DMARC?
If you’re using Thundermail and you decide to use the default domains (@thundermail.com or @tb.pro), we already take care of DMARC for you since we own and control those domains!
However, if you use a custom domain for your Thundermail address, we do have you enter simple DMARC text records in your DNS settings at your domain provider, which takes care of all the above. Don’t worry, we will step you through the process right in your Thundermail dashboard when you add your custom domain.
One last note - While a rare case, if you plan on sending more than 5,000 messages a day, please do reach out to us so we can help point you in the right direction for a more advanced DMARC setup.