DMARC

Property	Value
description	Email authentication policy and reporting standard that tells receivers how to handle messages using a domain when authentication checks fail.
tags	ref

Human: 1 - AI-generated

Fully or near-fully AI-generated. Limited human intervention beyond light edits.

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.

It is an email authentication policy and reporting standard that tells receiving mail systems how to handle messages using a domain when authentication checks fail.

What it does

DMARC helps domain owners publish rules for how unauthenticated email should be handled.

It is commonly used to:

• Reduce email spoofing and phishing
• Publish a domain-level email policy in DNS
• Request reporting about authentication failures
• Improve trust in outbound email
• Guide receivers to monitor, quarantine, or reject non-aligned mail

Core concepts

Policy published in DNS

DMARC is published through a DNS TXT record.

That makes DNS central to how DMARC works operationally.

Built on SPF and DKIM alignment

DMARC does not replace existing email authentication checks.

It builds on SPF and DKIM results and adds alignment, policy, and reporting behavior around them.

Policy progression

DMARC policies commonly move from none to quarantine to reject.

That staged rollout is important because organizations usually need time to verify legitimate mail flows before enforcing stricter handling.

Common use cases

• Protecting a domain from spoofed email
• Improving email-delivery trust
• Monitoring authentication failures
• Hardening business email domains
• Supporting broader email-security posture

Practical notes

• DMARC is not only “SMTP related”; it is a domain-level email authentication policy and reporting mechanism.
• It is most useful when implemented carefully and monitored through reports.
• Publishing a DMARC record without understanding your real mail sources can break legitimate mail.
• DMARC matters most for domains that send email or are vulnerable to impersonation.

Sources Used

• https://dmarc.org/overview/
• https://datatracker.ietf.org/doc/html/rfc7489
• https://www.ietf.org/participate/tools/dmarc/

Frequently Asked Questions

Is DMARC the same as SPF or DKIM?

No. DMARC builds on SPF and DKIM results and adds policy and reporting behavior.

Where is DMARC configured?

It is published in DNS as a TXT record.

Should every domain use reject immediately?

Usually no. Many domains start with monitoring and then tighten policy after validating legitimate senders.

Related Documents

• DNS
• SMTP2GO