What is DMARC?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that builds on SPF and DKIM. It allows domain owners to publish a policy in DNS that tells receiving mail servers what to do when an email fails authentication checks — and provides a reporting mechanism so domain owners can monitor who is sending email on their behalf.
Without DMARC, even if SPF and DKIM are set up, the receiving server has no instruction on how to handle failures. DMARC closes this gap by providing clear policy directives.
DMARC Policies
p=none— Monitor only. Don't take action on failures, but send reports. Good for initial setup.p=quarantine— Send failing emails to the spam/junk folder.p=reject— Block failing emails entirely. The strongest protection against spoofing.
Example DMARC Record
_dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:forensics@example.com; pct=100"
Why DMARC Matters
DMARC is essential for preventing email spoofing and phishing attacks that impersonate your domain. Major email providers (Gmail, Outlook, Yahoo) increasingly require DMARC for bulk senders. Google and Yahoo's 2024 sender requirements mandate DMARC for anyone sending more than 5,000 emails per day.
Check your DMARC configuration with Mailchk's free DMARC Checker tool.