DMARC is a mechanism that lets organizations express that they want their emails delivered to recipients only if the messages are properly authenticated and they’re actually coming from your domain.

Electronic mail is in fact unauthenticated by design: anyone can spin up an SMTP server (the software that is responsible for sending emails behind the scenes) and send emails from any domain.

Fortunately, this can be prevented by setting up email authentication (SPF and DKIM) and, most importantly, DMARC.

Why you need DMARC

Overall, there are a few reasons why you would want to set up DMARC:

  • Prevent email spoofing, i.e. unauthorized people sending emails from your domain. This is especially important to ensure that your users aren’t tricked into phishing campaigns. It also helps preserve the email sending reputation of your domain and avoid ending up in the spam folder.
  • Comply with email providers requirements: in 2024, Google and Yahoo started requiring DMARC on incoming mail from high-volume senders. If you send emails to Gmail addresses, you may be affected by this. Even if you aren’t, this is likely just Google’s and Yahoo’s first step in a path to enforce DMARC checks on all incoming email, and organizations must prepare in advance.

What DMARC does

DMARC is the acronym for Domain-based Message Authentication, Reporting, and Conformance and was formalized in 2015.

It mainly does three things:

  • DMARC provides an algorithm to verify alignment of authentication mechanisms. In practice, it checks that SPF and DKIM identifiers are aligned with the domain contained in the From email address. (The From address is the one that you see in your email inbox, the address that we commonly refer to as the email sender.)
  • DMARC defines a DNS record format that can be used to specify the level of alignment strictness and the action that should be taken when DMARC alignment fails, i.e. the DMARC policy.
    • The DMARC policy can be none (do nothing, accept the email message), quarantine (move the email to spam) or reject (refuse to deliver the email message). In practice, each email provider interprets the policy in its own way so you shouldn’t take this literally.
  • DMARC also provides a way to get visibility into DMARC checks and the actions taken by mail servers. This is where DMARC reporting comes into play: in the DMARC DNS record you can specify an inbox address that will receive XML reports from mail servers periodically.

Read SPF and DKIM don’t stop spoofing: why you need DMARC to learn more about DMARC basics.

How DMARCwise can help

DMARCwise simplifies achieving DMARC compliance with powerful tools and features:

  • Step-by-step DMARC setup: generate and monitor your DMARC record to start tracking your email sending setup with ease.
  • Comprehensive report analysis: process, organize, and visualize aggregate DMARC reports for actionable insights.
  • Intuitive dashboard: leverage a powerful interface to quickly identify potential authentication issues and discovery unauthorised senders using your domain.
  • Unlimited email diagnostics: instantly verify your sending setup by sending us an email—no need to wait for DMARC reports.
  • Weekly email summaries: stay informed with automated digests, so you can monitor your email delivery setup without logging in.

You can get started with DMARCwise for free by choosing our free plan or exploring paid plans with a 14-day trial.