When it gets to its destination, the receiving system can determine what to do with the message based on the reputation of the signature's owner. If the owner has a good reputation, it will probably deliver the message. If a reputation is tarnished, closer scrutiny of the message may follow.
"If you take the two in combination, there are times when one or the other will fail, but they don't fail simultaneously," Adams said. "So we added the DMARC layer on top that looks down at those two authentication technologies and if both fail, that trips a DMARC failure, and it tells the receiver definitively that this an unauthenticated message."
Despite claims by DMARC's supporters that it will have a significant impact on phishing campaigns, skeptics remain.
"It would put a big dent in phishing if everyone adopted it," Dave Jevans, chairman of the Anti-Phishing Work Group said. "The problem is adoption, not the technology. Adoption has always been the problem.
"There are millions of mail servers out there, and all of them will never support it," he said.
Sign up for Computerworld eNewsletters.