
How DMARC Advances Email Security

While some identity management protocols such as multi-factor authentication have made modern advancements, others – like email authentication – have remained stuck in the 90s. Yet, email remains one of the most common forms of communication for business and personal use. That also makes it a target for cybercriminals who often use email to conduct phishing attacks. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a policy that helps protect organizations by validating email senders. It’s like an identity check for your organization’s domain.

What is it?

DMARC is an email authentication, policy, and reporting protocol. It helps identify spoofed phishing emails from cybercriminals by validating the sender’s identity. DMARC allows senders to show that their messages are protected, and tells the recipient what to do if an authentication method fails. It was started in 2012 in an effort to combat email fraud and provide reporting on authentication. Today, it’s used by major organizations and websites including Gmail, Facebook, and Microsoft.

How DMARC works

Implementing a DMARC policy allows senders to indicate that their email messages are protected, and tells the recipient what to do if authentication fails (such as reject the message or send it to the “junk” folder). In technical terms, DMARC uses SPF and DKIM to validate the identity of an email message. Then, it follows a set of rules to deliver “validated” messages and reject or quarantine “spoofed” ones. This minimizes the number of potentially malicious messages (phishing, spoofed, spam) making it to your inbox. Over 4.8 billion inboxes worldwide are currently protected by DMARC policies, according to the Global Cyber Alliance.
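The paragraph above describes the decision a receiving mail server makes. The following is an added example (not CIS’s code and not from any mail server) that walks through that decision in Python: it parses a DMARC TXT record, checks whether the SPF- or DKIM-authenticated domain is aligned with the visible From domain, and returns the disposition the record asks for. The DNS answers, domains and messages are constructed placeholders; the “organizational domain” helper is a deliberate simplification (real evaluators consult the Public Suffix List), and the `pct` tag is parsed but sampling is not simulated.

```python
"""Added example: evaluate a DMARC policy for one inbound message.
Follows the RFC 7489 order: authenticate (SPF/DKIM) -> check identifier
alignment with the From domain -> apply p= or sp= from the published record.
All domains, IPs and DNS answers below are constructed for illustration."""

# Constructed stand-in for DNS TXT lookups (assumption: not a real resolver).
DNS_TXT = {
    "_dmarc.example.org": (
        "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
        "rua=mailto:dmarc-reports@example.org"
    ),
}


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.
    Assumption: a production evaluator uses the Public Suffix List so that
    e.g. 'example.co.uk' is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=...; ...' into a dict with RFC 7489 defaults applied."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return {
        "p": tags["p"].lower(),
        "sp": tags.get("sp", tags["p"]).lower(),  # subdomain policy defaults to p
        "adkim": tags.get("adkim", "r").lower(),  # r = relaxed, s = strict
        "aspf": tags.get("aspf", "r").lower(),
        "pct": int(tags.get("pct", "100")),       # parsed only; sampling not simulated
        "rua": tags.get("rua", ""),
    }


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict alignment requires an exact match; relaxed accepts the same
    organizational domain (so a subdomain can sign for the parent)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


def lookup_policy(from_domain: str):
    """Policy discovery: try _dmarc.<From domain>, then _dmarc.<org domain>.
    Returns (record, domain the record was found at) or (None, None)."""
    for candidate in (from_domain, organizational_domain(from_domain)):
        txt = DNS_TXT.get(f"_dmarc.{candidate}")
        if txt:
            return parse_dmarc_record(txt), candidate
    return None, None


def disposition(from_domain: str, spf_result: str, spf_domain: str,
                dkim_result: str, dkim_domain: str) -> str:
    """Return 'pass', 'none', 'quarantine' or 'reject' for one message."""
    record, policy_domain = lookup_policy(from_domain)
    if record is None:
        # No DMARC record: nothing to enforce. This is why a lookalike
        # ("cousin") domain is outside DMARC's reach.
        return "none"
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, record["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # Failed: p= applies to the policy domain itself, sp= to its subdomains.
    is_subdomain = from_domain.lower() != policy_domain.lower()
    return record["sp"] if is_subdomain else record["p"]


if __name__ == "__main__":
    # Legitimate message: DKIM signed by the From domain itself.
    print(disposition("example.org", "fail", "", "pass", "example.org"))
    # Direct spoof: SPF passes for the attacker's own envelope domain,
    # which is not aligned with the From domain, so p=reject applies.
    print(disposition("example.org", "pass", "other.example", "none", ""))
    # Lookalike domain with no DMARC record: nothing to enforce.
    print(disposition("examp1e.org", "pass", "examp1e.org", "none", ""))
```

Note the effect of `adkim=s` in the constructed record: a message from `news.example.org` signed with `d=example.org` is not aligned under strict mode, so it falls through to the `sp=quarantine` subdomain policy even though the signature itself verified. Relaxed mode (`aspf=r`) lets `mail.example.org` pass SPF for the same From domain.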

Cybersecurity benefits of DMARC

Implementing a DMARC policy protects against direct domain spoofing, a common vector for phishing attacks. However, it cannot block all types of phishing, such as cousin domain attacks which use lookalike domains (c1security.org vs cisecurity.org, for example) or display name abuse. DMARC can also help with:
• Brand protection, by preventing spammers and phishers from using valid organization names
• Increasing deliverability of valid messages
• Visibility, with reports that provide information on unauthorized systems sending email using the organization’s domain
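The “visibility” benefit comes from the aggregate reports that receivers send to the `rua=` address in the DMARC record. The following is an added example (not CIS’s code, and not from any reporting tool) that parses one such report and lists the sources that failed both aligned SPF and aligned DKIM, which is what a domain owner reviews to find unauthorized or not-yet-configured senders. The XML is constructed to follow the RFC 7489 Appendix C aggregate report layout; the reporter name, IP addresses and domains are documentation placeholders.

```python
"""Added example: summarize a DMARC aggregate (rua) report.
The report below is constructed for illustration; 192.0.2.0/24 and
198.51.100.0/24 are documentation address ranges, not real senders."""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.org</domain><adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>quarantine</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.org</domain><result>pass</result></dkim>
      <spf><domain>example.org</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.org</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-sender.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text: str):
    """Return (reported domain, list of per-source rows)."""
    root = ET.fromstring(xml_text)
    domain = root.findtext("policy_published/domain")
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        spf_auth = rec.find("auth_results/spf")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            # policy_evaluated holds the *aligned* results the receiver used
            "dkim": evaluated.findtext("dkim"),
            "spf": evaluated.findtext("spf"),
            "disposition": evaluated.findtext("disposition"),
            # raw SPF domain shows which envelope domain actually passed
            "spf_domain": spf_auth.findtext("domain") if spf_auth is not None else None,
        })
    return domain, rows


def unauthorized_sources(xml_text: str):
    """Sources where neither aligned SPF nor aligned DKIM passed. Each one is
    either a spoofer, a forwarder, or a legitimate service that still needs
    to be added to SPF / given a DKIM key."""
    _, rows = parse_aggregate_report(xml_text)
    return [r for r in rows if r["dkim"] != "pass" and r["spf"] != "pass"]


def summarize(xml_text: str) -> dict:
    """Headline numbers a domain owner would track report over report."""
    domain, rows = parse_aggregate_report(xml_text)
    total = sum(r["count"] for r in rows)
    failed = sum(r["count"] for r in unauthorized_sources(xml_text))
    pass_rate = round(100 * (total - failed) / total, 1) if total else 0.0
    return {"domain": domain, "messages": total,
            "failed_both": failed, "pass_rate": pass_rate}


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    for src in unauthorized_sources(SAMPLE_REPORT):
        print(f"{src['source_ip']}: {src['count']} msgs, SPF passed for "
              f"{src['spf_domain']} but not aligned -> {src['disposition']}")
```

In the constructed report, the second source passes SPF for `bulk-sender.example`, yet the receiver records SPF as failed because that domain is not aligned with the From domain `example.org`. That pattern (raw pass, aligned fail) is the typical fingerprint of a third-party service sending on the organization’s behalf without being set up for it, and it is what the reports exist to surface.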

Getting started with DMARC

Organizations should work with their IT security teams to ensure DMARC is properly implemented. This is an important cyber defense practice for preventing phishing and ensuring your organization’s integrity when sending email messages. To get started, sign up for Global Cyber Alliance’s DMARC Bootcamp on Sept. 9, 2019. You’ll learn everything you need to implement a DMARC policy within your organization.