DMARC is Domain-based Message Authentication, Reporting & Conformance. DMARC is an email authentication, policy, and reporting protocol. DMARC builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
DMARC is designed to fit into an organization’s existing inbound email authentication process. The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages.
At a high level, DMARC is designed to satisfy the following requirements:
- Minimize false positives.
- Provide robust authentication reporting.
- Assert sender policy at receivers.
- Reduce successful phishing delivery.
- Work at Internet scale.
- Minimize complexity.
Anatomy of a DMARC resource record in the DNS:
How to deploy DMARC: