Domain Message Authentication Reporting Conformance (DMARC)

This page has moved. You will be redirected in 5 seconds. Please bookmark the new page.

Since various ESPs might legitimately send messages on behalf of a domain, it can be difficult for a sender to know which of their messages authenticate properly with mailbox providers. To address this issue, Domain Message Authentication Reporting and Conformance (DMARC) provides a standard way for senders to establish policies for mailbox providers to use when email from them doesn’t pass SPF and DKIM.

The policies outline the criteria providers should use to determine whether messages pass or fail the checks and how they should handle messages that don’t pass, such as whether they should accept them, send them to the spam folder, or reject them entirely. The policies also detail the information mailbox providers should include in periodic reports to senders about which messages authenticate, which do not, and why.

To use DMARC, your organization must configure SPF and use a custom DKIM signature. We recommend you update all email servers that use your domain — such as the ones your organization uses locally — before you publish a DMARC policy. Given the complexity of this authentication method, and the significant impact improper configuration could have, we recommend you consult with your own email specialist before you implement it.