Domain-based Message Authentication, Reporting and Conformance (DMARC) is a text DNS Record that indicates to the receiving server what actions should be taken if the emails do not pass the email authentication mechanisms:
- DomainKeys Identified Mail (DKIM). (preferred by Gmail): Valid signature from the domain of the From address.
- and Sender Policy Framework (SPF): Valid sender
It wards off email spoofing
DKIM and SPF should be set before setting a DNS DMARC record.
DMARC has two conditions for an email, but either of them is sufficient to pass the DMARC check:
When does a message pass DMARC ?
To pass DMARC, a message must pass at least one of these checks:
A message fails the DMARC check if the message fails both:
- SPF (or SPF alignment)
- DKIM (or DKIM alignment)
The policy defines the action taken on messages by the receiving server when they don’t pass the DMARC checks.
|none||no action is taken||Yes|
|quarantine||Send messages to the recipient’s spam or quarantine folder||Yes|
|reject||send a bounce||No|
The Damrc report is sent via the email configured in the rua property of the DMARC record.
You can then monitor the effectiveness of your email operation/