What Is DMARC?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication policy that ties SPF and DKIM together and tells receiving servers what to do when authentication fails. It lets domain owners specify whether unauthenticated email should be monitored, quarantined, or rejected, and provides aggregate reports on authentication results.
DMARC builds on SPF and DKIM. Without DMARC, receiving servers decide on their own what to do with emails that fail authentication.
How DMARC Works
- You publish a DMARC TXT record in your domain’s DNS
- A receiving server gets an email claiming to be from your domain
- The server checks SPF and DKIM authentication results
- If both fail, the server follows your DMARC policy (none, quarantine, or reject)
- The server sends aggregate reports to the address specified in your DMARC record
How to Set Up DMARC
- Ensure SPF and DKIM are already configured
- Add a TXT record at _dmarc.yourdomain.com
- Start with a monitoring policy: v=DMARC1; p=none; rua=mailto:[email protected]
- Review DMARC reports for 2–4 weeks to identify legitimate senders
- Move to p=quarantine once you are confident all senders are authenticated
- Optionally move to p=reject for maximum protection
DMARC Policy Options
| Policy | Behavior | When to Use |
|---|---|---|
| p=none | Monitor only — no action on failures | Initial setup, gathering data |
| p=quarantine | Send failing emails to spam folder | After reviewing reports |
| p=reject | Reject failing emails entirely | Maximum protection |
Frequently Asked Questions
Do I need DMARC if I have SPF and DKIM?
DMARC is strongly recommended even if you have SPF and DKIM. Without DMARC, receiving servers decide on their own what to do with authentication failures. DMARC gives you control over that decision and provides reports on who is sending email using your domain.
What is DMARC alignment?
DMARC alignment means the domain in the From header matches the domain authenticated by SPF or DKIM. SPF alignment checks the Return-Path domain. DKIM alignment checks the d= domain in the DKIM signature. At least one must align for DMARC to pass.
How do I read DMARC reports?
DMARC aggregate reports are XML files sent to the email address in your rua= tag. They show which servers sent email using your domain, whether SPF and DKIM passed, and how many messages were affected. Use a DMARC report analyzer tool to parse them into readable dashboards.
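To show what such an analyzer does during the p=none review period, here is an added example (not code from this page or from any particular tool) that totals DMARC pass and fail counts per sending IP from one aggregate report. The sample report is constructed, its element names follow the RFC 7489 aggregate report layout, and the code assumes the XML is already decompressed and carries no namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (RFC 7489 layout); IPs are documentation ranges.
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>8</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""

def summarize(report_xml: bytes) -> dict:
    """Return {source_ip: {"pass": n, "fail": n}} message counts under DMARC."""
    # Reports arrive by email from third parties: refuse DTDs before parsing
    # so entity-expansion payloads never reach the XML parser.
    if b"<!DOCTYPE" in report_xml.upper():
        raise ValueError("DTD not allowed in aggregate report")
    root = ET.fromstring(report_xml)
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for row in root.iterfind("./record/row"):
        ip = row.findtext("source_ip", "").strip()
        count = int(row.findtext("count", "0"))
        # policy_evaluated holds the alignment-aware results; one pass is enough.
        dkim = row.findtext("policy_evaluated/dkim", "fail").strip()
        spf = row.findtext("policy_evaluated/spf", "fail").strip()
        verdict = "pass" if "pass" in (dkim, spf) else "fail"
        totals[ip][verdict] += count
    return dict(totals)

def failing_sources(report_xml: bytes) -> list:
    """Sources with DMARC failures, highest volume first."""
    stats = summarize(report_xml)
    bad = [(ip, s["fail"]) for ip, s in stats.items() if s["fail"]]
    return sorted(bad, key=lambda t: -t[1])

if __name__ == "__main__":
    for ip, n in failing_sources(SAMPLE_REPORT):
        print(f"{ip}: {n} messages failed DMARC")
```

Each IP in the failing list is either a legitimate sender that still needs SPF or DKIM set up, or a source you do not recognize; resolving the first kind is what makes the move to p=quarantine safe.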
What happens if DMARC fails?
The action depends on your DMARC policy. With p=none, nothing happens — the email is delivered normally. With p=quarantine, the email goes to the spam folder. With p=reject, the email is rejected entirely and never reaches the recipient.