DMARC (Domain-based Message Authentication, Reporting and Conformance) is the first widely deployed technology that can make the "From" header (what users see as the sender address in their e-mail clients) trustworthy.
Because we were one of the first e-mail gateway products to incorporate DMARC validation, we recommend that all our customers add the "Verify sender" block to their inbound DATA flow. It really is that simple, and it will block messages whose From header address fakes a DMARC-protected domain such as "paypal.com" or "linkedin.com". DMARC is already widely deployed by domains that are being abused by scammers, and more companies join in every day.
DMARC is based on DKIM and SPF, in order to reuse as much existing infrastructure and configuration as possible. If you feel that your domain could be used by scammers, the process for starting to use DMARC is:
- Enable SPF, which could be as simple as the TXT record v=spf1 +mx -all (but don't take my word for it)
- Enable DKIM signing for outbound messages
- Enable DMARC in testing mode: publish a TXT record named _dmarc such as v=DMARC1; p=none; rua=mailto:[email protected], which lets you see how many DMARC failures your domain produces
- If you're satisfied with the reports from your DMARC test, change p=none to p=reject
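To show what the receiving side does with the record you publish in the steps above, here is an added example (not the gateway product's own code) that parses a _dmarc TXT record and evaluates DMARC alignment and disposition for a message. It assumes SPF and DKIM have already been evaluated, treats the last two labels as the organizational domain (real validators use the Public Suffix List), and uses constructed sample domains.

```python
# Added example: DMARC record parsing and policy evaluation (RFC 7489 semantics, simplified).

def parse_dmarc(txt: str) -> dict:
    """Parse a _dmarc TXT record such as 'v=DMARC1; p=none; rua=mailto:...' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # DKIM alignment: r(elaxed) unless set to s(trict)
    tags.setdefault("aspf", "r")   # SPF alignment: likewise
    return tags

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (no Public Suffix List here).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain, mode: str) -> bool:
    """Is the authenticated domain aligned with the From header domain?"""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record: str, from_domain: str,
                      spf_pass: bool, spf_domain,
                      dkim_pass: bool, dkim_domain):
    """Return (dmarc_pass, action); action is 'none', 'quarantine' or 'reject'.

    spf_domain is the MAIL FROM domain SPF was checked against;
    dkim_domain is the d= of a DKIM signature that verified.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    # Subdomains follow the sp= tag when present, otherwise p=.
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        return False, tags["sp"]
    return False, tags["p"]

if __name__ == "__main__":
    # Constructed sample: a spoofed From domain with unaligned SPF and no DKIM signature.
    rec = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.test"
    print(dmarc_disposition(rec, "example.test", True, "bulkmailer.example.net", False, None))
```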