Domain-based Message Authentication, Reporting and Conformance (DMARC) is a DNS TXT record that tells the receiving server what action to take when an email does not pass the email authentication mechanisms.
It wards off email spoofing.
DKIM and SPF should be set up before creating a DMARC DNS record.
DMARC has two conditions for an email, but either of them is sufficient to pass the DMARC check:
To pass DMARC, a message must pass at least one of these checks:
A message fails the DMARC check if the message fails both:
The DMARC record is a TXT record with the relative name _dmarc that contains a series of options called record tags.
The only mandatory tag is v=DMARC1.
For instance, for the most relaxed policy (i.e. the none policy), you could enter the following DNS record:
_dmarc.example.com IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"
where the options are called record tags and
The policy defines the action taken on messages by the receiving server when they don’t pass the DMARC checks.
| Policy | Description | Report |
|---|---|---|
| none | No action is taken | Yes |
| quarantine | Send messages to the recipient’s spam or quarantine folder | Yes |
| reject | Send a bounce | No |
The DMARC report is sent to the email address configured in the rua tag of the DMARC record.
You can then monitor the effectiveness of your email operation.
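The record format described above (the `v`, `p` and `rua` tags and the policy table), as an added example that is not code from the original page: a small Python parser that splits a DMARC TXT value into record tags and flags weak or malformed settings. The sample records, the `dmarc-reports@example.com` mailbox and the function names are constructed for illustration.

```python
# Added example: parse and audit a DMARC TXT record value (runs offline).
POLICY_ACTIONS = {  # actions as listed in the policy table above
    "none": "no action is taken",
    "quarantine": "send to the recipient's spam or quarantine folder",
    "reject": "send a bounce",
}

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.strip().strip('"').split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        tag, value = part.split("=", 1)
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def audit_dmarc(txt):
    """Return (tags, findings) for one record; findings are plain strings."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    findings = []
    # The version tag must come first and is case-sensitive.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICY_ACTIONS:
        findings.append(f"unknown or missing policy: {policy!r}")
    elif policy == "none":
        findings.append("p=none: failing mail is still delivered (monitoring only)")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not rua:
        findings.append("no rua tag: no reports will be received")
    tags["rua"] = rua
    return tags, findings

# Constructed sample records (domain and mailbox are placeholders).
MONITOR = '"v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"'
ENFORCE = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com;"
BROKEN = "p=reject; v=DMARC1"

if __name__ == "__main__":
    for record in (MONITOR, ENFORCE, BROKEN):
        tags, findings = audit_dmarc(record)
        print(record, "->", POLICY_ACTIONS.get(tags.get("p", ""), "?"), findings or "ok")
```

A record with no findings is both well-formed and enforcing; a `p=none` finding is expected during an initial monitoring phase.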
Example: