What is a DMARC record?
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email standard that:
- confirms the sender’s identity using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)
- tells the recipient’s email service what to do with emails that fail the check
- asks recipient email services to provide reports of where email comes from
The receiving email service uses SPF and DKIM to confirm the sender’s identity. If the receiving email service confirms the sender’s identity it will forward the email to the receiver’s inbox. If the receiving email service cannot confirm the sender’s identity it will mark the email as spam.
Benefits of DMARC
By using DMARC, you can:
- help protect your users, employees and reputation from cybercrime
- reduce customer support costs relating to email fraud
- improve trust in the emails your organisation sends
- see the legitimate and fraudulent use of your domains via DMARC reports
How does a DMARC record work?
The following record is for explanation purposes and should not be used on your domain.
A DMARC record should look like this:
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@example.com
This tells anyone receiving email from you that:
v=DMARC1indicates you have a DMARC policyp=quarantinemeans any messages that fail DMARC checks should be treated as spampct=100means they should treat 100% of your messages this wayrua=mailto:dmarc@example.commeans they should send reports of email received back to you
Useful Resources
-
dmarc.org has more information on DMARC.
-
Authenticated Receive Chain is a related standard that supports email authentication in indirect email flow.