Do you already have a DMARC Record/Policy setup? Check here ➝
Note: A DMARC record is different than a DMARC policy. Policies are attributes of a DMARC record and it is recommended that they are initially set to "none".
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It's a way to make sure that emails sent from your domain are legitimate and to tell email servers how to handle emails that aren't. Think of it as a security guard for your emails.
A DMARC record is a TXT record that lives on your Domain Name Servers. It contains several important attributes that tell email servers about your sender profile, your set of rules for how they should treat emails that do not appear to be from your domain (the "policy), and where to send reports if an email fails a DMARC check ("ruf" and "rua").
Below are the different attributes in a DMARC record and what they represent:
v: Denotes the record type – this is a DMARC record.
ruf: Tells email servers where to send reports of individual DMARC check failures.
rua: Tells email servers where to send aggregate reports of DMARC checks.
p: Denotes the rejection policy for emails that fail DMARC checks on the root domain.
sp: Denotes the rejection policy for emails that fail DMARC checks on subdomains.
Note: Individual subdomains can have their own DMARC policies that will override the root domain policy. If you're just getting started with DMARC, stick to just the one root domain record.
There are three main types of DMARC policies:
Don't fall asleep on your DMARC reports! Monitor the reporting you receive to the addresses you provided in your policy to make sure the emails that the DMARC failure reports denote should be rejected.
Once you are confident that DMARC checks are performing properly, you may update your policy to be more strict ("quarantine" or "reject").