Skip to content

Regarding the Use of CMC Domain Protection

To use CMC Domain Protection, purchasing the CMC Domain Protection plan is required.

CMC Domain Protection

Start DMARC with Customers Mail Cloud

CMC Domain Protection analyzes DMARC reports from email receivers (ISPs, etc.) to visualize sender authentication status. Organizations often send emails from various systems, and authentication failures (SPF/DKIM issues or incorrect settings) can happen. This service helps easily identify email servers with such errors, enabling the implementation of DMARC policies to prevent email spoofing.

Start DMARC

  1. Log in to the management console, click "Customers Mail Cloud▼" in the upper left of the screen, and switch to the "CMC Domain Protection" screen. Alternatively, access the CMC Domain Protection management console.

  2. Log in to CMC Domain Protection using the login ID/password set in CMC. The privileges, two-factor authentication settings, and operation authority settings of the account set in Customers Mail Cloud are inherited. (CMC Domain Protection is available to all user roles; however, Report Viewer and Accountant cannot register, edit, or delete DMARC settings.)

  3. Open the "DMARC Settings" tab, register the sending domain (*), and generate a DMARC record.

  4. Publish the generated DMARC record to DNS.

  5. Once the DMARC record is registered in DNS, report emails will be sent from the recipients to CMC Domain Protection. The analysis results of the report emails can be viewed on the dashboard and summary.

(*)The sending domain refers to the From domain in the email header. If you are using a subdomain such as subdomain.hennge.com as your sending domain, and DMARC is set for the organizational domain hennge.com of this domain, the same DMARC policy will be inherited by the subdomain.

What Is Email Spoofing?

Various web services such as shopping sites, reservation sites, and social media platforms still rely heavily on email as a means of communicating with customers.

However, phishing emails designed to trick users into revealing personal information like IDs and passwords, as well as spam attempting to execute viruses, are sent worldwide. These emails try to gain the trust of recipients by "spoofing" the From address, making it appear as if they originate from legitimate companies or brands.

Companies and brands that are spoofed can suffer damage such as having to deal with inquiries about these suspicious emails. So, how can we protect companies and brands from "spoofing" emails?

Prevent Email Spoofing with DMARC

The email system allows anyone to freely set the From address, making spoofing easy. However, with the widespread adoption of email authentication technologies like DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework), email receiving servers (ISPs, etc.) can now determine if an email was sent by the owner of the domain in the From address.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a mechanism that uses DKIM and SPF to enable receiving servers to verify if the sender of an email is the legitimate owner of the domain. Furthermore, DMARC allows the sender to communicate a policy to the receiver on how to handle emails that fail authentication. By referring to this policy and considering the authentication results, the receiver can process emails to prevent fraudulent emails such as spoofing and phishing scams from reaching the recipient's inbox, thereby enhancing domain reliability.

Example DMARC Record

When setting DMARC for a domain such as example.com , a TXT record is set for _dmarc.example.com . The content to be set is, for example, as follows:

Example DMARC Record

"v=DMARC1; p=none; pct=100; adkim=r; aspf=r; rua=mailto:dmarc-ra@example.com; ruf=mailto:dmarc-ra@example.com"

For details on the parameters in the TXT record, please refer to"Generating a DMARC Record"

Policies

By selecting one of three policies, mail senders can specify how email receivers should manage emails that do not pass sender authentication.

ISPs and other mail receivers that support DMARC handle emails failing authentication based on the policy set by the sender.

  • none: monitoring only (only receive reports; emails are received regardless of the DMARC authentication result)
  • quarantine: Isolate (put in the spam folder)
  • reject: Do not receive (refuse to receive the email).

Reports

Email senders can receive two types of reports from email receivers.

rua

Describes the email address to receive aggregate reports on the domain's DMARC activity. A summary of the number of emails received and authentication results per sending domain and sending IP is reported.

ruf

When authentication fails, a report is generated in real-time for each sent email. This describes the email address to receive these failure reports. This report includes personal information necessary to investigate authentication-failed emails, such as the sending IP, sending domain, subject, and message ID. This is also called a forensic report.

Regarding ruf Support

Most major ISPs do not support the ruf parameter. Additionally, since report emails returned by ruf may contain personal information included in the distributed emails, CMC Domain Protection does not support ruf reports from the perspective of personal information protection.

Importance of Report Monitoring

DMARC provides a powerful mechanism to prevent spoofed emails (those that fail sender domain authentication) from reaching recipients' inboxes by allowing senders to declare a "quarantine" or "reject" policy.

However, if your own legitimate outgoing emails also fail sender domain authentication, they will be handled in the same way as spoofed emails. Therefore, it's crucial to monitor the sender domain authentication status of the emails you send.