Skip to main content
What is a DMARC record?
Updated over 10 months ago

DMARC, which stands for "Domain-based Message Authentication, Reporting, and Conformance," is an email-validation system designed to protect your domain from being used for email spoofing, phishing scams, and other cybercrimes. A DMARC record is a specific type of TXT record in your domain's DNS settings. It leverages the widely used SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols, adding an important layer of authentication to these existing technologies.

Here's how a DMARC record works:

  1. SPF and DKIM Alignment: DMARC ensures that the SPF and DKIM authentication methods align with the domain that the email claims to be from. This alignment is crucial to verify that the email is not from an unauthorized source pretending to be someone else (spoofing).

  2. Policy Specification: The DMARC record allows a domain owner to specify a policy for how receiving email servers should handle emails that fail SPF and DKIM checks. The policies include:

    1. None: Treat the mail the same way as if no DMARC policy is present.

    2. Quarantine: Mark as suspicious. The receiving server can then treat this email differently, such as placing it in a spam folder.

    3. Reject: Completely reject the email, ensuring it does not get delivered to the end recipient.

  3. Reporting: DMARC also specifies how receiving servers should report back to the sender's domain about emails that pass and/or fail DMARC evaluation. These reports are crucial for a domain owner to understand who is sending email on behalf of their domain and to identify unauthorized use.

A DMARC record is published in the DNS record for a domain and provides instructions to the email servers that receive emails from that domain. Here’s an example of what a DMARC record might look like:

v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com


In this example:

  • v=DMARC1 specifies the DMARC version.

  • p=reject is the policy applied to emails that fail DMARC checks.

  • rua=mailto:dmarc-reports@example.com indicates where aggregate reports should be sent.

Overall, DMARC is a powerful tool for enhancing email security, helping to reduce spam and phishing attacks by making it harder for attackers to hide their identity.

Did this answer your question?