DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC), in conjunction with SPF and DKIM, allows domain owners to authorise who can use their domains in the From field of a message.

Domain owners publish a DMARC policy which instructs receiving mailbox providers to reject non-compliant messages. DMARC requires that either SPF or DKIM be aligned in order to be compliant

You publish a DMARC policy in the DNS for the From domain.

Policies can be:

• Enforcing - non-compliant messages are more like to be rejected.

• Passive (or non-enforcing) - there is no policy and you are just putting in a placeholder authentication.

There are three primary aspects of DMARC: identifier alignment, failure handling, and failure reports.

Publishing a DMARC policy

Talk to your IT people to see you have a DMARC record on organisational/root domain(s) used in the from address on your campaigns.

If you do not have a DMARC record, there are online tools that you can use to add a simple, non-enforcing policy.

For more information on the anatomy of a DMARC resource record in the DNS, see the DMARC website.

Benefits of DMARC

Identifier alignment

By publishing a DMARC policy you request that messages which do not have valid and aligned SPF or DKIM are rejected or placed in the recipient's spam folder.

Failure handling

Allows you to control how authentication failures are handled for emails sent using your domain.

Failure reports

Allows you to request reports from email receivers containing information on any SPF and DKIM failures using your domain.

This is beneficial to email marketers as the failure reports give you insight into how effective your authentication mechanism is and, potentially, warn you of any changes or failures in the setup.