What is DMARC and why does it matter?
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is a free email authentication standard that tells mail servers what to do when they receive an email that claims to come from your domain but fails authentication checks.
The problem DMARC solves
Without DMARC, anyone on the internet can send an email that appears to come from your domain — @yourcompany.com. This is called email spoofing, and it is the basis of most phishing attacks. Attackers impersonate trusted brands to trick employees, customers, or partners into clicking malicious links or transferring money.
How DMARC works
DMARC works together with two other standards:
- SPF — specifies which servers are allowed to send email for your domain.
- DKIM — adds a cryptographic signature to emails so receivers can verify they were not tampered with.
DMARC checks whether an email passes at least one of these two checks, with the sender domain aligned to your domain. If neither passes, DMARC tells the receiving server what to do: monitor, quarantine (send to spam), or reject the message entirely.
What a DMARC record looks like
DMARC is published as a DNS TXT record at _dmarc.yourdomain.com. A typical record looks like this:
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; adkim=r; aspf=r; pct=100
The most important tag is p=, which sets the policy: none, quarantine, or reject.
Why it matters for your business
- Prevents phishing attacks that impersonate your domain.
- Improves email deliverability — receivers trust authenticated senders more.
- Gives you visibility into who is sending email using your domain, including misconfigured services you might not know about.
Check if your domain has DMARC configured and see your current health score.
Check my domain — free