It’s relatively easy for a hacker to fake the originating domain name for emails. This can be used to great effect in phishing campaigns where victims receive emails that appear to come from within their company or organization and are accordingly more likely to open suspect files and attachments.
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a protocol designed to prevent domain name spoofing in emails by authenticating any messages against their originating domain. Domain names with DMARC enabled can make it significantly easier for email services and internet service providers to filter out suspicious messages while keeping false positives to a minimum.
Domain names and DNS were developed decades ago, when the internet was primarily used by government agencies and universities. As a result, security was not a consideration in how they were designed, which is why domain names are such a frequent vector of attack for hackers.
Recognizing the widespread vulnerabilities in DNS, the Internet Engineering Task Force created a security protocol called Domain Name System Security Extensions, or DNSSEC, which uses digital signatures to let resolvers verify that DNS responses really come from the originating domain name and have not been altered. While adoption of DNSSEC has been a slow process, its deployment helps to address a major security hole at the very center of the internet.