|DMARC and DKIM Records
|December 13, 2023
This article was developed to describe the differences between DMARC and DKIM Records.
***For information specific to the Sender Policy Framework (SPF) protocol, see the following article: https://support.forthcrm.com/hc/en-us/articles/12854150305683-Adding-an-SPF-Record
What is DMARC?
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed Sender Policy Framework (SPF) and DomainKeys Identified Message (DKIM) protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor the protection of the domain from fraudulent email.
How does it work?
A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes the guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
In summary, DMARC helps the end user by making it easier for their mailbox provider (e.g. AOL, Comcast, Hotmail, Gmail, Yahoo) to keep spam and phishing messages from ever reaching their inbox.
To access a DMARC Record Checker tool, click HERE.
To access a DMARC Record Generator, click HERE.
For further information on DMARC, go to dmarc.org.
What is DKIM?
Domain Keys Identified Message, or DKIM, is a signature-based Email Authentication technique. It is the result of merging the Domain Keys and Identified Internet Mail specifications, and has been published as a Standards Track document by the IETF as RFC4871 in 2007, and updated as RFC6376 in 2011. RFC6376 was updated by RFC 8301, RFC 8463, RFC 8553, RFC 8616
How does it work?
DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence. The identifier is independent of any other identifier in the message, such as the author's From: field.
To access a DKIM Record Checker, click HERE.
More information is available from DKIM.org
IMPORTANT: The Forth Support Teams are not able to assist clients with configuring their own DKIM and DMARC records.
Article Version History:
|Provided updated reference to the status of RFC6376.