Tyreano.com


Why is DMARC Wrong Policy Evaluation So Dangerous?


In a recent study, Verizon Business found that 94% of successful breaches started with emails. Luckily, DMARC can help organisations avoid these breaches. By providing recipients with a reliable way to identify emails that have been sent by unknown senders, DMARC is one way to ensure that your emails are safe from spammers and scammers. However, DMARC is not perfect. Several flaws exist in the system.

5.7.5 permanent error evaluating dmarc policy

One of these flaws is the DMARC policy itself. If a DMARC policy fails, the email receiver will be instructed not to deliver the email. Otherwise, if the email passes the DMARC check, it will go to the primary inbox of the recipient. This method helps mitigate the risk of spoofing because it ensures that incorrectly set up emails will not be delivered.

Another flaw lies in DMARC record formatting. A DMARC record can fail due to missing characters or an extra space. Also, the policy record may be misinterpreted if it has the wrong naming convention. Some implementations allow lower case letters when they require upper case, resulting in a different treatment at the recipient’s end. A DMARC policy record should contain the following information:


DMARC was originally developed as an email security protocol, but its adoption has been growing steadily across the online landscape. Today, email marketers and security experts alike have become aware of DMARC as an important aspect of improved deliverability and online security. Currently, all major ISPs support DMARC, and the protocol is in the process of becoming an open standard.

In addition to failing DMARC authentication, email authentication protocols such as SPF and DKIM can also fail. In this case, if an email sender does not use a DMARC signature, it will appear to come from a forged or spoofed domain. Neither method will work in this situation, so the email may not be delivered to the intended recipient.

It is very important to maintain the DMARC policy in an email delivery system. DMARC is a crucial element in an effective anti-spam program, and it should never be overlooked. While all DMARC reports are important, they are not equal. Many of them do not tell you the exact action that mail receivers took on each message. Knowing why a message was unsuccessful or successfully delivered is just as important as knowing if it was received at all. However, DMARC isn’t perfect, and it is important to understand exactly what went wrong.

Moreover, publishing a DMARC p=none policy on a specific subdomain will make it easier for spammers to spoof that domain and send emails from a non-existent address. This will not weaken DMARC enforcement, but it does expose the domain to spoofing from anyone. In other words, it is possible for a domain to be spoofed by using a DKIM policy.
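
An added example, not code from the original article: a small Python linter for the text of a DMARC TXT record. It shows which of the formatting slips mentioned above (a missing character, an extra space, wrong letter case) stop the record from being recognised, and it flags the p=none case from the previous paragraph. The function name, messages and sample records are constructed for illustration; the checks follow the tag syntax in RFC 7489.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def lint_dmarc(record: str) -> list[str]:
    """Return the problems found in the text of one DMARC TXT record."""
    problems = []
    tags = []
    for part in record.split(";"):
        part = part.strip()          # whitespace around ';' is allowed
        if not part:
            continue                 # a trailing ';' is fine
        name, sep, value = part.partition("=")
        if not sep:
            problems.append(f"tag without '=': {part!r}")
            continue
        tags.append((name.strip().lower(), value.strip()))

    # v=DMARC1 must be the first tag and match exactly (including case);
    # a receiver ignores the whole record otherwise.
    if not tags or tags[0] != ("v", "DMARC1"):
        problems.append("record does not start with v=DMARC1")
        return problems

    seen = dict(tags)
    if "p" not in seen:
        problems.append("no p= tag")
    elif seen["p"].lower() not in VALID_POLICIES:
        problems.append(f"unknown p= value: {seen['p']!r}")
    for tag in ("p", "sp"):          # sp= is the policy for subdomains
        if seen.get(tag, "").lower() == "none":
            problems.append(f"{tag}=none is monitoring only")
    pct = seen.get("pct")
    if pct is not None and not (pct.isascii() and pct.isdigit() and int(pct) <= 100):
        problems.append(f"pct out of range: {pct!r}")
    return problems

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = [
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",  # well formed
    "v = DMARC1 ; p = quarantine ;",   # spaces around '=' and ';' are legal
    "v=DMARC1 p=reject",               # missing ';' after the version tag
    "v=DMARC 1; p=reject",             # extra space inside the version value
    "v=dmarc1; p=reject",              # wrong case in the version value
    "v=DMARC1; p=rejct",               # missing character in the policy
    "v=DMARC1; p=reject; sp=none",     # subdomains left unenforced
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{rec!r}: {lint_dmarc(rec) or 'ok'}")
```

Spaces around `=` and `;` are harmless, while a space inside the `DMARC1` value or a dropped semicolon makes the record unrecognisable, so a policy the owner believes is `reject` is never applied.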
