DMARC is a system that helps email receivers check the authenticity of email messages and prevent email spoofing. DMARC relies on two other mechanisms, DKIM and SPF, to verify the domain names of email senders, and it can check those domain names against either the main domain or one of its subdomains. Subdomains are names that sit beneath the main domain, such as “mail.example.com” or “blog.example.com”.
However, if someone can change the SPF or DKIM records of a subdomain, they can use that subdomain to send fake emails that appear to come from the main domain. For example, someone who can change the SPF record of “evil.example.com” can send an email with a From address of “[email protected]” that still passes the DMARC check for “example.com”, because by default DMARC only requires the two names to match partially (the subdomain and the main domain belong to the same domain).
If this is a concern, the owner of the main domain should not let anyone else control its subdomains (or their SPF and DKIM records), and should enable the “strict” alignment option for DMARC where needed. The “strict” option requires the domain names to match exactly rather than only partially, so a subdomain no longer counts as the main domain.
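The alignment rules described above, as an added example that is not part of the original page: a small checker that parses the `adkim`/`aspf` tags of a DMARC record and shows why an SPF pass for “evil.example.com” aligns with a From domain of “example.com” under relaxed mode but not under strict mode. It assumes the From domain is already the organizational domain (a real receiver derives that via the Public Suffix List) and that SPF/DKIM results are supplied by the caller.

```python
"""Added example (not from the page): DMARC identifier alignment, relaxed vs strict.

Assumption: the RFC5322.From domain is treated as the organizational domain;
real implementations derive the organizational domain from the Public Suffix List.
"""


def _norm(domain: str) -> str:
    """Lower-case and strip a trailing dot so comparisons are case-insensitive."""
    return domain.lower().rstrip(".")


def aligned(authenticated_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment.

    authenticated_domain is the SPF MAIL FROM domain or the DKIM d= domain.
    mode "s" (strict) requires an exact match with the From domain.
    mode "r" (relaxed, the default) accepts any subdomain of the From domain,
    which is what lets an attacker-controlled subdomain pass.
    """
    a, f = _norm(authenticated_domain), _norm(from_domain)
    if mode == "s":
        return a == f
    if mode == "r":
        return a == f or a.endswith("." + f)
    raise ValueError(f"unknown alignment mode {mode!r}")


def parse_alignment(dmarc_txt: str) -> dict:
    """Extract adkim/aspf from a DMARC TXT record; both default to relaxed ('r')."""
    tags = {}
    for part in dmarc_txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return {"adkim": tags.get("adkim", "r"), "aspf": tags.get("aspf", "r")}


def dmarc_pass(dmarc_txt: str, from_domain: str, spf_domain=None, spf_result="none",
               dkim_domain=None, dkim_result="none") -> bool:
    """DMARC passes when SPF or DKIM both passed *and* is aligned with the From domain."""
    al = parse_alignment(dmarc_txt)
    spf_ok = (spf_result == "pass" and spf_domain is not None
              and aligned(spf_domain, from_domain, al["aspf"]))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(dkim_domain, from_domain, al["adkim"]))
    return bool(spf_ok or dkim_ok)
```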