DMARC

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email authentication protocol designed to give domain owners visibility into email using their domain and to reduce spoofing of that domain. DMARC builds on two existing mechanisms, SPF and DKIM, by adding a policy framework and domain alignment requirements. The key concept is that the domain in the From header must align with the domain used by SPF or DKIM for the message to pass DMARC.

To publish DMARC, a domain owner creates a DNS TXT record at the subdomain _dmarc.domain. The record specifies a policy, which can be p=none (monitoring only), p=quarantine, or p=reject. It may also include an RUA address for aggregate reports and an RUF address for forensic reports. The policy instructs receiving mail servers on how to handle messages that fail DMARC checks.

When a receiver gets a message, it evaluates SPF and DKIM. If either passes and the domain in the From header aligns with the domain used by SPF or DKIM (alignment can be relaxed or strict), the message passes DMARC; otherwise the policy applies.

DMARC provides visibility into who is sending on behalf of a domain and helps prevent spoofing, but it relies on the other protocols functioning correctly and on receivers honoring the policy. It does not guarantee delivery or encrypt email, and reporting can reveal sensitive information if not properly managed.
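The receiver-side evaluation described above, as an added Python example that is not part of the original page: it parses a published record and applies the alignment rule to SPF and DKIM results. The `adkim` and `aspf` tag names come from the DMARC specification rather than this page, the record and domains are constructed samples, and the two-label organizational-domain rule is a simplifying assumption (real receivers consult the Public Suffix List).

```python
# Constructed sample record: strict DKIM alignment, default (relaxed) SPF alignment.
SAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; alignment defaults to relaxed."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC policy record")
    return tags

def org_domain(domain):
    """Assumption: organizational domain = last two labels (wrong for e.g. .co.uk)."""
    return ".".join(domain.split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed needs the same organizational domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the published policy that applies to a failing message."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

if __name__ == "__main__":
    # SPF passes for a subdomain of the From domain: relaxed alignment holds.
    print(evaluate(SAMPLE_RECORD, "example.com", True, "bounce.example.com", False, ""))
    # SPF and DKIM both pass, but for an unrelated domain: no alignment, policy applies.
    print(evaluate(SAMPLE_RECORD, "example.com", True, "mailer.example.net",
                   True, "mailer.example.net"))
    # DKIM passes for a subdomain, but adkim=s demands an exact match.
    print(evaluate(SAMPLE_RECORD, "example.com", False, "", True, "mail.example.com"))
```

The second case is the one that matters for monitoring: a message can authenticate cleanly under SPF and DKIM and still fail DMARC because neither authenticated domain matches the From header.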