DMARC (domain-based message authentication, reporting and conformance) is an email authentication protocol designed to help email domain owners protect their domain from unauthorised use - e.g. a sender using your domain to send unauthorised email for phishing and other purposes.
A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells the recipient what to do if neither of those authentication methods passes – e.g. junk or reject the message.
DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent and harmful messages.
DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
Your DMARC record is published as a TXT record in your DNS records.
There are three levels of policy that you can set:
|p=none||Tell the recipient to perform no actions against unqualified mail, but still send email reports to the mailto: in the DMARC record for any infractions.|
|p=quarantine||Tell the recipient to quarantine unqualified mail, which generally means “send this directly to the spam folder.”|
Tell the recipient to completely deny any unqualified mail for the domain.
With this enabled, only mail that is verified as 100% being signed by your domain will even have a chance at the inbox.
Any mail that does not pass is denied (not bounced) so there’s no way to catch false positives.
For more information on DMARC please visit https://dmarc.org/
We recommend using a specialist DMARC service for implementation.
Get in touch with your Customer Success Representative and Ometria's Deliverability team, who can recommend providers.