DMARC
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC is a mechanism that allows senders and receivers to monitor and improve protection of their domain from fraudulent email. Implementation of DMARC will ensure mail recipients can detect when spammers have spoofed the “From” address on mail messages.
There is growing support for DMARC. In June 2016, the U.K. government mandated that all U.K. government departments adopt DMARC, and the CERT-EU has also made a recommendation for the use of DMARC. In October 2017, the U.S. Department of Homeland Security issued Binding Operational Directive 18-01, which requires the adoption of DMARC by federal civilian domains.
The governments of the Netherlands and New Zealand followed suit in 2018, and in 2019 Australia did as well.
In 2020, Denmark required all authorities to implement a DMARC policy of ‘reject’ on all domains they own. Canada also released its Implementation Guidance on email domain protection.
GCA discovered, however, that despite the tremendous benefits of DMARC, it was not being widely deployed in the public or private sectors. We wanted to provide guidance for any organization or user to implement DMARC. So GCA assembled these resources about DMARC and a step-by-step DMARC Setup Guide, available in 18 languages, to help organizations of all sizes implement DMARC.