glossary.categories.securityAcronym

DMARC

Domain-based Message Authentication, Reporting & Conformance

An email authentication protocol that protects against phishing and spoofing.

Definition

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that builds on SPF and DKIM to protect email domains from spoofing, phishing, and other abuse. DMARC allows domain owners to publish policies specifying how receivers should handle emails that fail authentication, and provides reporting to monitor email authentication results.

Examples

DMARC Record Example

A typical DMARC DNS record.

; DMARC DNS Record (TXT)
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; sp=reject; adkim=s; aspf=s"

; Breakdown:
; v=DMARC1     - DMARC version
; p=quarantine - Policy for failures (none/quarantine/reject)
; rua=         - Aggregate report recipient
; ruf=         - Forensic report recipient
; sp=reject    - Subdomain policy
; adkim=s      - Strict DKIM alignment
; aspf=s       - Strict SPF alignment

Use Cases

Preventing email spoofing

Protecting brand reputation

Email deliverability improvement

Compliance requirements

Best Practices

Start with p=none to monitor without blocking
Gradually move to p=quarantine then p=reject
Monitor DMARC reports regularly
Ensure SPF and DKIM are configured correctly first

FAQ

Related Terms

SPF

An email authentication method that specifies which servers can send email for a domain.

DMARC builds on SPF

DKIM

An email authentication method that uses cryptographic signatures to verify message integrity.

DMARC builds on DKIM

Put DMARC Knowledge Into Practice

Start monitoring your infrastructure with WizStatus.

Get started for free Browse More Terms

No credit card required • 20 free monitors forever