DMARC (domain-based message authentication, reporting and conformance) is an email authentication protocol designed to help email domain owners protect their domain from unauthorised use - e.g. a sender using your domain to send unauthorised email for phishing and other purposes.
A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells the recipient what to do if neither of those authentication methods passes – e.g. junk or reject the message.
DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
Your DMARC record is published as a TXT record in your DNS records.
There are three levels of policy that you can set:
|p=none||Tell the recipient to perform no actions against unqualified mail, but still send email reports to the mailto: in the DMARC record for any infractions.|
|p=quarantine||Tell the recipient to quarantine unqualified mail, which generally means “send this directly to the spam folder.”|
|p=reject||Tell the recipient to completely deny any unqualified mail for the domain. With this enabled, only mail that is verified as 100% being signed by your domain will even have a chance at the inbox. Any mail that does not pass is denied (not bounced) so there’s no way to catch false positives.|
For more information on DMARC please visit https://dmarc.org/
We recommend using a specialist DMARC service for implementation.
Get in touch with your Customer Success Manager and Ometria's Deliverability team, who can recommend providers.