/ˈdiː-mɑːrk/

n. “The rulebook for email trust.”

DMARC, short for Domain-based Message Authentication, Reporting & Conformance, is an email authentication protocol designed to give domain owners control over how email receivers handle messages that fail verification checks. It builds on existing standards like SPF and DKIM, providing both enforcement guidance and reporting.

With DMARC, domain owners publish a DNS record specifying policies for handling suspicious emails. These policies can instruct receiving servers to monitor, quarantine, or reject messages that fail both SPF and DKIM checks. The protocol also enables reporting, so senders can see who is sending email on behalf of their domain and how often messages fail authentication.

For instance, if a domain example.com sets a DMARC policy of “reject,” any email that fails SPF and DKIM validation should be discarded by the receiving server. If set to “quarantine,” suspicious messages may be sent to spam folders, while “none” allows monitoring without enforcing action. Reports are sent back to the domain owner for analysis.

DMARC prevents phishing, spoofing, and unauthorized use of a domain in email campaigns. It’s widely adopted by enterprises, government agencies, and email service providers to ensure that recipients can trust messages claiming to be from their domains. By combining DMARC with SPF and DKIM, organizations create a layered defense against fraudulent emails.

Beyond security, DMARC provides insight. Reporting allows domain owners to understand email flows, identify misconfigured servers, and detect abuse patterns. This intelligence is valuable for operational monitoring, incident response, and improving overall deliverability of legitimate email.

Implementation involves creating a DNS TXT record with tags such as v=DMARC1 for the version, p for the policy (reject, quarantine, or none), rua for aggregate reporting, and ruf for forensic reporting. Setup can be technical, and it’s critical to review reports periodically to adjust policies and maintain compliance with email standards.
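
As an added illustration (not part of the original entry), the sketch below parses a DMARC TXT record and flags settings a domain owner would want to review. The function names and sample records are constructed for this example, and example.com is a placeholder domain.

```python
# Added example: parse a DMARC TXT record and flag weak or broken settings.
# Function names are hypothetical; the sample records are constructed.

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict; v=DMARC1 must come first."""
    tags, first = {}, None
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = (s.strip() for s in part.split("=", 1))
        name = name.lower()
        first = first or name
        tags.setdefault(name, value)  # keep the first occurrence of a tag
    if first != "v" or tags.get("v") != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    return tags


def audit_dmarc(record):
    """Return (policy, findings) for one record."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    findings = []
    if policy not in VALID_POLICIES:
        findings.append(f"invalid or missing p tag: {policy!r}")
    elif policy == "none":
        findings.append("p=none only monitors; no enforcement is requested")
    for tag in ("rua", "ruf"):
        uris = [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]
        bad = [u for u in uris if not u.lower().startswith("mailto:")]
        if bad:
            findings.append(f"{tag} has a non-mailto report URI: {bad}")
    if "rua" not in tags:
        findings.append("no rua tag; aggregate reports will not be received")
    return policy, findings


if __name__ == "__main__":
    for rec in (
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",  # constructed
        "v=DMARC1; p=none",                                   # constructed
    ):
        print(rec, "->", audit_dmarc(rec))
```

A record that returns an empty findings list still needs its reports read; the audit only checks what the record asks receivers to do.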

In short, DMARC is the referee in the email ecosystem. It defines the rules, enforces discipline, and provides visibility, ensuring that domains are used correctly and securely, protecting both senders and recipients from phishing and spoofing attacks.