DNS and email

What is DMARC?

DMARC lets a domain say what receivers should do with mail that does not pass SPF or DKIM in the right way.

Short answer

DMARC builds on SPF, DKIM and alignment with the From domain. The policy can be none, quarantine or reject.

Policies

p=none collects reports without stopping mail. p=quarantine marks suspicious mail. p=reject asks receivers to reject.

Reports

rua addresses can receive aggregate reports showing which systems send email for the domain.

Deployment

Often start with p=none, analyze legitimate senders and then tighten the policy when SPF and DKIM are correct.

Common questions

Does DMARC need SPF and DKIM?

DMARC uses SPF and DKIM. At least one method needs to pass with alignment for DMARC to pass.

Is p=none useless?

No, p=none is useful for inventory and reporting before strict policy.

More guides

DNS and email

What are DNS records?

DNS records explained: what A, AAAA, MX, TXT, CNAME, NS, CAA and SOA mean and how they affect websites, email and domain security.

Read guide DNS and email

What is an MX record?

MX records explained: how mail servers are prioritized, which DNS mistakes stop delivery and how MX connects with SPF and DMARC.

Read guide DNS and email

What is SPF?

SPF explained: which servers may send email for a domain, common SPF mistakes and why SPF should be combined with DKIM and DMARC.

Read guide