DMARC (Domain-based Message Authentication, Reporting and Conformance)

The DKIM and SPF procedures described above can be used to verify whether emails actually originate from the specified sender or whether the sending mail server is actually authorised to send emails for a specific sender domain.

However, neither of the procedures or checks contain any instructions concerning how the receiving mail server should proceed if the check is either successful or fails. DMARC fills this gap. The DMARC policy allows you to define the following options for handling failed DKIM or SPF checks:

  • ‘none’ (= normal delivery of the email)

  • ‘quarantine’ (= place the email in the SPAM folder)

  • ‘reject’ (= email will not be delivered)

Note: DMARC requires a domain alignment that passes SPF and DKIM checks.

To use DMARC, you must store entries with your Internet Service Provider (ISP) in the Domain Name System (DNS) in which you define your DMARC policy.

The Brand Identity Protection gent makes it easy for you to set up SPF and DKIM plus specify your DMARC policy, see Initial set-up: Implementation scenarios.

Additional information