Does DMARC block all types of phishing attacks?
Frequently Asked Questions
DMARC is only used to protect against direct domain spoofing. If the owners / operators of examplewebsite.com use DMARC to protect this domain, it will not affect otherwebsite.com or examplewebsite.net (note '.net' vs. '.com'). While impersonating a particular domain is a common method of phishing and other malicious activity, there are other methods of attack that DMARC does not address. For example, DMARC does not address attacks from cousin domains (i.e. sending from a domain that looks like the target is being abused - e.g. examplewebsit3.com vs. examplewebsite.com) or abuse of display names (i.e. changing of the 'From' field to look like this if it comes from the target that is being abused).