What is DMARC (Domain-based Message Authentication, Reporting & Conformance)?

What is it?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It's an email authentication protocol, using Sender Policy Framework, (SPF) and DomainKeys identified Mail (DKIM) to prevent "domain spoofing" and other malicious activities.

It is published in the DNS records so that any receiving email server can authenticate incoming emails. It also details the sender policies on how unauthenticated emails should be treated by ESPs (Email Service Providers).

It allows:

• The owner of a domain to signal in DNS records which security protocols (SPF, DKIM, or both) are implemented when sending email from that domain.
• The sender to define how to handle outgoing emails that didn't pass the SPF and/or DKIM authentication(s). Either it can send them in spam for quarantine, or block them.
• The sender to monitor its sending domain activity through detailed reports.

Why is it important?

DMARC is an extension of existing email authentication methods like DKIM and SPF. It makes sure that no unauthenticated users will be able to send email from your domain, protecting your brand and the trustworthiness of your domain.

Along with SPF and DKIM, DMARC has a positive impact on deliverability as major ISPs (Internet Service Providers) considered sender with DMARC set up as more trustworthy.

In the same way, your domain has less chances to be blacklisted or have a bad SpamAssassin grade if it has a DMARC record published.

In a nutshell, having DMARC properly setup will make your emails more secure while increasing your deliverability.

‍

📹 Video explanation