What’s DMARC?

Domain-based Message Authentication Reporting and Conformance (DMARC) is a free and open technical specification that is used to authenticate an electronic mail by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners large and small can fight business electronic mail compromise, phishing and spoofing. Co-authored by dmarcian’s founder, DMARC was first revealed in 2012.

With DMARC you possibly can inform the world find out how to deal with the unauthorized use of your email domains by instituting a coverage in your DMARC record. The three DMARC insurance policies are:


Monitors your electronic mail traffic. No further actions are taken.


Sends unauthorized emails to the spam folder.


The ultimate policy and the last word goal of implementing DMARC. This coverage ensures that unauthorized e-mail doesn’t get delivered at all.

How does DMARC work?

DMARC is based upon the results of SPF and/or DKIM, so no less than a type of needs to be in place for the e-mail domain. To deploy DMARC, you want to publish a DMARC document within the DNS.

A DMARC file is a text entry within the DNS file that tells the world your e-mail domain’s policy after checking SPF and DKIM status. DMARC authenticates if either SPF, DKIM, or both pass. This is referred to as DMARC alignment or identifier alignment. Based on identifier alignment, it is possible that SPF and DKIM pass, but DMARC fails.

A DMARC file additionally tells email servers to ship XML reports back to the reporting electronic mail address listed within the DMARC record. These reports provide insight on how your e mail is moving by means of the ecosystem and help you identify everything that is utilizing your e-mail domain.

Because reports are written in XML, making sense of them may be tricky, and they can be numerous. dmarcian’s platform can receive these reports and provide visualization on how your e mail domains are getting used, so you may take motion and move your DMARC policy towards p=reject.

Why Use DMARC for Email?

Electronic mail is involved in more than 90% of all network attacks and without DMARC, it may be hard to inform if an email is real or fake. DMARC permits domain owners to protect their domain(s) from unauthorized use by preventing phishing, spoofing, CEO fraud, and Enterprise Email Compromise.

By always sending DMARC compliant email, the operator of an Internet domain can inform the world “everything I send is simple to identify using DMARC—be at liberty to drop fake electronic mail that pretends to be me.”

DMARC’s utility as an anti-spoofing technology stems from a significant innovation; instead of making an attempt to filter out malicious email, why not provide operators with a way to easily identify legitimate email? DMARC’s promise is to interchange the fundamentally flawed “filter out bad” email security model with a “filter in good” model.

If you happen to’re curious about the health of your domain or anybody’s, use our free Domain Checker for a quick check. It inspects DMARC, SPF and DKIM and tells you which actions you want to take to reach compliance.