What is DMARC?

DMARC, which stands for "Domain-based Message Authentication, Reporting, and Conformance," is like a security guard for your emails. It helps protect your email domain from being used for phishing attacks. Essentially, DMARC tells email providers (like Gmail or Yahoo) how to handle emails that claim to be from your domain. It helps ensure that only legitimate emails from your domain get delivered to recipients, while suspicious or fraudulent ones are either quarantined or rejected. This way, DMARC helps safeguard both your brand's reputation and your recipients from email scams.


DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is a policy framework that helps organizations protect their email domains from being used for phishing and email spoofing attacks. It works by allowing domain owners to specify how email servers should handle messages that claim to be from their domain but fail authentication checks, such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). DMARC helps organizations to enforce strict policies on email authentication, monitor email traffic, and receive reports on unauthorized use of their domains in email headers, ultimately enhancing email security and trustworthiness.

Examples of DMARC DNS records

DMARC policy record

_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"

DMARC policy record with a strict policy

_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"

DMARC policy record with a reject policy

_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"

These records specify the DMARC policy for the domain "example.com." The "p" tag indicates the policy to be applied to emails that fail DMARC checks, with options including "none" (take no action), "quarantine" (put in spam or quarantine), or "reject" (block delivery). The "rua" tag specifies where aggregate reports should be sent, and "ruf" specifies where forensic reports should be sent. The "fo" tag specifies what forensic data should be included in the reports. These records are typically published in the DNS (Domain Name System) settings of the domain.

Follow my DIY Guide if you want to learn How to set up a Bulk Mail System that is capable of sending an unlimited number of emails, using IP rotation, and more.