About DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM. It allows domain owners to specify how email that fails authentication should be handled, and provides a way to receive reports about email authentication failures.
Why DMARC Matters
- Prevents email spoofing and phishing attacks by allowing domain owners to specify how to handle unauthenticated emails
- Provides visibility into email authentication results through aggregate and forensic reporting
- Improves email deliverability by reducing the chance of legitimate emails being marked as spam
- Protects your domain's reputation by preventing unauthorized use of your domain in email
Key DMARC Tags
- p: Policy for the organizational domain - none (monitor only), quarantine (mark as suspicious), or reject (block delivery)
- sp: Policy for subdomains - if not specified, the 'p' policy applies to subdomains as well
- pct: Percentage of messages to which the policy applies (1-100)
- rua: Email addresses to send aggregate reports to
- ruf: Email addresses to send forensic reports to
- adkim/aspf: DKIM and SPF alignment mode - relaxed (r) or strict (s)
Example DMARC Record
v=DMARC1; p=reject; sp=quarantine; pct=100; rua=mailto:reports@example.com; adkim=r; aspf=r;
This example enforces a reject policy: email that fails authentication is rejected for the main domain and quarantined for subdomains. The policy applies to 100% of messages, aggregate reports go to reports@example.com, and both DKIM and SPF alignment are set to relaxed mode.
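The following Python code is an added example, not part of the original page. It parses a DMARC record into its tags, fills in unspecified values, and lists settings a domain owner should review. The function names and the second sample record are assumptions made for illustration; the pct=100 and relaxed-alignment defaults come from RFC 7489.

```python
# Added example: parse a DMARC record and report the effective settings.
PAGE_RECORD = ("v=DMARC1; p=reject; sp=quarantine; pct=100; "
               "rua=mailto:reports@example.com; adkim=r; aspf=r;")  # from the page
WEAK_RECORD = "v=DMARC1; p=none; pct=50"  # constructed sample
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC TXT record into {tag: value}; v=DMARC1 must come first."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate the trailing ';' in the page's example
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    return tags

def effective_settings(tags):
    """Fill in unspecified tags: sp inherits p (as the page notes); pct=100
    and relaxed alignment are the RFC 7489 defaults."""
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()
    if p not in POLICIES or sp not in POLICIES:
        raise ValueError("p/sp must be none, quarantine or reject")
    uris = lambda key: [u.strip() for u in tags.get(key, "").split(",") if u.strip()]
    return {"p": p, "sp": sp, "pct": int(tags.get("pct", "100")),
            "adkim": tags.get("adkim", "r"), "aspf": tags.get("aspf", "r"),
            "rua": uris("rua"), "ruf": uris("ruf")}

def audit(record):
    """Return (effective settings, findings a domain owner should review)."""
    eff = effective_settings(parse_dmarc(record))
    findings = []
    if eff["p"] == "none":
        findings.append("p=none: monitor only, failing mail is not quarantined or rejected")
    elif eff["sp"] == "none":
        findings.append("sp=none: subdomains are monitor only")
    if eff["pct"] < 100:
        findings.append(f"pct={eff['pct']}: policy applies to only part of the mail")
    if not eff["rua"]:
        findings.append("no rua: no aggregate reports will be received")
    return eff, findings

if __name__ == "__main__":
    for rec in (PAGE_RECORD, WEAK_RECORD):
        eff, findings = audit(rec)
        print(eff, findings or ["no findings"], sep="\n")
```

The page's record produces no findings; the constructed weak record is flagged for p=none, pct=50 and the missing rua address.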