Glossary Index

DMARC (Domain-based Message Authentication, Reporting & Conformance)

An authentication protocol that builds on SPF and DKIM, telling mail servers how to handle failed authentication.

What is DMARC (Domain-based Message Authentication, Reporting & Conformance)?

DMARC is a policy layer built on top of SPF and DKIM. It tells receiving servers what to do if an email fails authentication—let it through, send it to spam, or reject it. It also provides reporting so you can see who’s trying to use your domain.

Why it matters

DMARC is the gold standard for protecting your domain from phishing and spoofing. It gives you visibility into how your domain is used (or abused) and helps ensure legitimate mail gets delivered. Many major providers now require DMARC for high-volume senders.

How it works

You publish a DMARC TXT record in DNS specifying your policy (none, quarantine, or reject). When an email arrives, the receiving server checks if SPF and/or DKIM pass and whether they align with the domain in the "From" header. If they don't, the server applies your DMARC policy. Reports are sent to the email addresses you specify, showing authentication results.

Examples

  • A company sets p=none to monitor mail without blocking.

  • After analysis, they move to p=reject to fully block unauthorized mail.

  • Reports reveal a phishing campaign using their brand name.

Best practices

  • Start with a monitoring-only policy (p=none) to collect data.

  • Review reports regularly and identify unauthorized senders.

  • Gradually move to stricter enforcement once you’re confident in your setup.

Related terms

SPF, DKIM, Email Deliverability

FAQs

Do I need both SPF and DKIM for DMARC to work?
Technically, only one of them needs to pass and align with the “From” domain. However, for best results and maximum security, you should implement both.

What’s the difference between none, quarantine, and reject?

  • none = Monitor only, don’t block anything.

  • quarantine = Send unauthenticated mail to spam.

  • reject = Block it completely.

How do DMARC reports help me?
Reports show which IPs are sending mail on behalf of your domain and whether they’re authorized. This helps you spot abuse, fix misconfigurations, and protect your brand.

mail box icon

Start sending better emails today!

Transactional emails, marketing campaigns, and everything in between. No clutter. No surprises. Just deliverability that works.

Solutions

Transactional EmailMarketing EmailEmail Automation

Docs

Getting StartedAPI ReferenceMigration Guides

Resources

BlogGlossaryChangelogAffiliate Program

Legal

Fair UsePrivacy PolicyTerms & ConditionsSubprocessors

Send transactional and marketing emails with AutoSend—clean API for developers, simple campaign tools for marketers.

© 2025 • Peerlist Inc.

42,000,451