It's time to decode another deliverability acronym. Today, we're going to tackle DMARC, which stands for "Domain-based Message Authentication, Reporting and Conformance."

It's a bit of a mouthful, but it's actually a relatively simple and good thing. This domain-level setting allows a domain owner to:

  • Tell receiving internet service providers (ISPs) and mailbox providers (MBPs) (think Gmail, Yahoo, Outlook.com and others), what to do with email messages sent to email users on their platforms, purporting to be from your domain, but failing authentication checks.
  • Protect your domain name by locking it down, setting a policy that says that mailbox providers should not trust mail from my domain unless it authenticates properly.
  • Instruct mailbox providers where to send reports to help summarize and monitor for email authentication compliance.

DMARC is implemented via a DNS text record. Learn more about that here.

DMARC effectively requires correctly configured SPF (Sender Policy Framework) and/or DKIM (Domain Keys Identified Mail) email authentication as one or more prerequisites before enabling a restrictive (quarantine or reject) policy.

DMARC isn't new -- the spec was announced in 2011, based on industry discussions between major email senders and receivers about how best they could block spoofed email messages.

DMARC garnered a lot of attention in 2023 and 2024, as Google and Yahoo announced that they would require all significant email senders to implement a DMARC record as part of their newly announced sender requirements.

There are many vendors that provider DMARC monitoring and reporting services. These include EasyDMARC, OnDMARC by Red Sift, dmarcian, Valimail and others. Mark Alley publishes a list of DMARC Vendors.

There are various online tools that can help you check for the existence of and validate a domain's DMARC record. These include Wombatmail, WiseTools, dmarcian DMARC Inspector, and MXToolbox.

Most webmail and freemail providers (think Yahoo, Gmail, Outlook.com, etc.) public DMARC records to protect their domain from spoofing, with the side effect that you can't use from addresses in these domains when sending email messages from an email service provider (ESP), email marketing tool, or newsletter tool. Most of these tools now require you to purchase and utilize your own domain name, and I strongly recommend it, even if a given platform does not require it.

A domain name should have only one DMARC record at the top level of the domain. Here's guidance about what you should do regarding DMARC records at a subdomain level.

Learn more about DMARC:

And of course, don't forget to check out the DELIVTERMS section here on Spam Resource, where we define the common terms used in email technology and deliverability.

Post a Comment

Comments