Skip to main content

RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Publication Date: March 2015
Status: Informational
Authors: M. Kucherawy (Ed.), E. Zwicky (Ed.) - Yahoo!

Abstract

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling.

Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers. These abilities have several benefits: Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.

DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection.

Table of Contents

  • 1. Introduction
  • 2. Requirements
    • 2.1. High-Level Goals
    • 2.2. Out of Scope
    • 2.3. Scalability
    • 2.4. Anti-Phishing
  • 3. Terminology and Definitions
    • 3.1. Identifier Alignment
    • 3.2. Organizational Domain
  • 4. Overview
    • 4.1. Authentication Mechanisms
    • 4.2. Key Concepts
    • 4.3. Flow Diagram
  • 5. Use of RFC5322.From
  • 6. Policy
    • 6.1. DMARC Policy Record
    • 6.2. DMARC URIs
    • 6.3. General Record Format
    • 6.4. Formal Definition
    • 6.5. Domain Owner Actions
    • 6.6. Mail Receiver Actions
    • 6.7. Policy Enforcement Considerations
  • 7. DMARC Feedback
    • 7.1. Verifying External Destinations
    • 7.2. Aggregate Reports
    • 7.3. Failure Reports
  • 8. Minimum Implementations
  • 9. Privacy Considerations
    • 9.1. Data Exposure Considerations
    • 9.2. Report Recipients
  • 10. Other Topics
    • 10.1. Issues Specific to SPF
    • 10.2. DNS Load and Caching
    • 10.3. Rejecting Messages
    • 10.4. Identifier Alignment Considerations
    • 10.5. Interoperability Issues
  • 11. IANA Considerations
    • 11.1. Authentication-Results Method Registry Update
    • 11.2. Authentication-Results Result Registry Update
    • 11.3. Feedback Report Header Fields Registry Update
    • 11.4. DMARC Tag Registry
    • 11.5. DMARC Report Format Registry
  • 12. Security Considerations
    • 12.1. Authentication Methods
    • 12.2. Attacks on Reporting URIs
    • 12.3. DNS Security
    • 12.4. Display Name Attacks
    • 12.5. External Reporting Addresses
    • 12.6. Secure Protocols
  • 13. References
    • 13.1. Normative References
    • 13.2. Informative References

Appendices

Last updated on