DMARC enhances how email receivers interpret the results from email authentication by building on the existing and well-known SPF and DKIM mechanisms.
Email senders remain largely unaware of potential problems with their authentication practices. The existing solutions do not provide scalable solutions to supply feedback to the domain owners and a source for this feedback to be sent to. This is especially important for those attempting to launch new SPF and/or DKIM deployment records. This can cause the projects to proceed very slowly because of the lack of feedback and it means there are limited solutions to monitor progress and debug problems.
DMARC is working to address these issues, by helping email senders and receivers work together to produce better and more secure emails, adding additional protections for both users and brands from fraud, scams, and malware.
Many of the largest ISPs have already started implementing DMARC including: AOL, Gmail, Hotmail, and Yahoo!.
How DMARC Works:
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.