Domain-based Message Authentication, Reporting & Conformance, or DMARC, builds on the successes of technologies such as DomainKeys Identified Mail (DKIM) and the Sender Policy Framework (SPF) to create an infrastructure that enforces policy on domain names that are visible to end users, and creates a feedback framework for identifying and tracking fraudulent use of domain names in email.
It provides the following new capabilities:
- A binding between the domain name seen in the From: field of a message and one or both of the domain names verified by DKIM and SPF;
- The capability to request that receivers enforce strict message authentication policy published by the author; and
- Comprehensive reporting, both forensic and aggregate, regarding suspect messages.
The DMARC protocol document has been under development by an informal group, of which The Trusted Domain Project is a member. In January, 2012, the existence of the group and its initial draft were revealed and received widespread attention.
In order to promote the evolution and success of DMARC, The Trusted Domain Project has created an initiative called OpenDMARC that will serve two primary purposes:
- Produce and maintain a high-quality open source implementation of DMARC that includes a library that can be used to make any application DMARC-aware, and a filter that can be used to provide DMARC services in common mailing environments;
- Co-ordinate and participate in an interoperability event where all DMARC implementers will be invited to test their implementations and exchange ideas for improvement.
This is a repeat of the approach taken to promote DKIM, which resulted in the highly successful OpenDKIM initiative that TDP still maintains.
In July, 2012, a number of organizations met at Facebook headquarters in Menlo Park, CA, to test their implementations and discuss the effectiveness of the proposal as well as possible improvements to the specification. Read more here.
As of October 2012, a release-quality version is available here, where you can find download links and links to current documentation.
General discussion of DMARC takes place on the public DMARC mailing lists.
To become part of the OpenDMARC Initiative, please contact us via the link at the left of this page.