What is DMARC and why should you use it?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It builds on SPF and DKIM and tells receiving systems what to do when authentication checks fail.

DMARC also supports reporting, which helps domain owners see who is sending mail claiming to be from their domain.

A DMARC record is published as a TXT record under _dmarc.yourdomain.com.

It defines the domain’s policy, alignment settings, and optional report destinations.

• p=none means monitor only
• p=quarantine means suspicious mail should usually be treated as junk
• p=reject means failing mail should be rejected

DMARC helps protect a domain against spoofing and phishing. It also helps you move from observation to enforcement in a controlled way.

A domain with SPF and DKIM but no DMARC is missing an important piece of the overall email authentication strategy.

• Start with p=none to gather reports
• Review legitimate mail sources
• Fix SPF and DKIM alignment gaps
• Move to quarantine and then reject when ready