2024 guide to Google & Yahoo’s new requirements for email

Learn more

Help article

Email Authentication: What is DMARC?

Illustration of mail passing dkim and spf checks

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that domain owners can use to enable policies so that receiving email servers know how to handle unauthenticated emails that have failed authentication checks from other protocols (like SPF and DKIM). DMARC can also allow domain owners to receive reports on email authentication failures.

How does DMARC work?

DMARC works by setting up a DMARC policy on a domain’s DNS records. This policy informs receiving email server providers on how to deal with emails that fail authentication checks. When an email is sent by a domain and it fails authentication with other protocols like SPF or DKIM, the recipient mail server will check the DMARC policy of the domain to decide what to do with the mail.

Policy Description
None This policy tells the recipient servers that no action will be taken but the server will still send reports to the email designated in the DMARC record.
Quarantine This policy tells the recipient servers to quarantine the email which usually results in the mail being sent to spam folders.
Reject This policy tells the recipient servers to reject the email and not allow it to reach the inbox.

For example, if you want to quarantine any mail that fails authentication and send reports to an email address such as “[email protected]”, your DMARC record may look something like this:

v=DMARC1; p=quarantine; rua=mailto:[email protected]

Setting up DMARC

Checkout our email authentication tools to help you set up DMARC records for your domains.

DMARC Lookup

If you are unsure about your DMARC record setup, use our DMARC Lookup tool to verify DMARC records for your domain.

DMARC lookup tool screenshot from EmailGuard

DMARC Generator

Use our DMARC Generator tool to create DMARC records for your domains.

DMARC generator tool screenshot from EmailGuard

Benefits of DMARC

Monitoring. DMARC gives domain owners visibility. Gain valuable insights into your email authentication with DKIM and SPF checks. Use DMARC monitoring to get complete timeline of your DMARC passes and failures.

Deliverability. Increase your chances of landing in the inbox with proper email authentication. Know when your email authentication checks fail and take corrective action to ensure your emails deliver.

Reputation. Protect your emails from being spoofed and safeguard your brand reputation. Ensure your recipients don’t receive any phishing emails that can harm your credibility. Build trust with your customers and use email authentication to protect your domain reputation.

Security. DMARC can help prevent email spoofing, phishing, and other email-based attacks. Increasing your email security with DMARC.

What is email authentication?

Email authentication allows for the verification of email messages to determine if they are sent from legitimate senders and have not been tampered with in transit. In addition to identifying legitimate emails, it also prevents email phishing, spoofing, domain impersonation, and other malicious activities.

How does Email Authentication work?

At its core, email authentication is done through a collection of techniques and protocols used to verify the legitimacy of senders and emails. These techniques utilize cryptographic algorithms like RSA and domain-based verification to ensure the sender’s identity is authentic and the emails have not been accessed or modified by unknown entities.

The three key authentication techniques and protocols used today are:

SPF (Sender Policy Framework). SPF is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. This helps prevent email spoofing and phishing attacks.

DKIM (DomainKeys Identified Mail). DKIM is an email authentication protocol that uses public-key cryptography to sign outgoing emails. This signature is then verified by the recipient’s mail server to ensure the email has not been altered in transit.

DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC is an email authentication protocol built on top of SPF and DKIM. To setup a DMARC record, you need to first set SPF and DKIM for your domains. DMARC gives domain owners control over how to handle emails that fail SPF and DKIM checks with the specified policy in their DNS record. DMARC goes a step further by providing insights into your email's authentication status and alignment. This can help you identify any issues with your email authentication setup and take corrective action.

DMARC reports can also provide information on the alignment of the SPF and DKIM checks. Alignment checks if the domain in the “From” header matches the domain in the DKIM signature and the domain in the SPF record. Having proper email authentication protocols acts as a trust signal to email service providers, increasing your email deliverability. By doing so, you are more likely to land in the inbox.

Just using one of these protocols might not be enough, so it is important to incorporate them all to properly authenticate emails. Each of these protocols addresses different email security concerns. SPF acts as a list to tell who is authorized to send emails on your domain’s behalf. DKIM signs your emails with a digital signature to ensure that they have not been altered during transit and were sent by an authorized sender. Finally, DMARC allows your domain to establish policies on what to do when authentication fails.

Everything you need to power up your email game in one place.

Start now for free. No credit card required.