What is DMARC in email?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps domain owners protect their domains from spoofing, phishing, and other forms of fraudulent email activity. It builds on two existing authentication technologies (SPF and DKIM) and adds a layer of policy enforcement and visibility that enables organizations to identify, monitor, and stop unauthorized use of their domains.
By publishing a DMARC policy in the DNS TXT record for their domain, organizations can tell mailbox providers what to do when messages fail authentication checks, whether to deliver, quarantine, or reject them. DMARC also provides a reporting framework that sends daily feedback on authentication results, giving domain owners deep insight into their email ecosystem.
DMARC works by combining authentication and policy evaluation in three steps:
Example DMARC record:
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-failures@example.com; pct=100; aspf=s; adkim=s;In this example:
v=DMARC1 declares the versionp=reject enforces a strict policy to block unauthenticated mailrua and ruf define reporting addresses for aggregate and forensic datapct=100 applies the policy to all messagesaspf and adkim specify alignment modes for SPF and DKIMThe policy tag (p=) defines how receiving servers handle failed authentication results:
p=none – Monitor authentication results without taking actionp=quarantine – Send suspicious emails to the spam or junk folderp=reject – Block messages that fail authentication entirelyMany organizations start with p=none to collect data safely before moving toward enforcement (quarantine or reject), ensuring that all legitimate senders are properly authenticated.
DMARC’s reporting feature is one of its most powerful components. Mailbox providers generate and send reports to the domain’s Reporting URIs (RUA/RUF). These reports contain data on message sources, pass/fail results, and alignment status. They help administrators understand:
Over time, DMARC reporting helps organizations fine-tune their authentication setup, identify legitimate third-party senders, and eliminate unauthorized sources.
DMARC provides several key benefits for both security and deliverability:
Because most cyberattacks start with fraudulent email, implementing DMARC significantly reduces risk by ensuring that only verified sources can send messages using your domain name.
DMARCeye helps organizations manage every step of their DMARC journey, from policy creation to full enforcement and ongoing monitoring. Its analytics engine automatically processes aggregate (RUA) and forensic (RUF) reports, visualizing authentication results across all domains and providers in a single dashboard.
DMARCeye identifies unauthorized senders, detects configuration errors, and tracks the success rate of SPF and DKIM alignment over time. It also simplifies the complex XML data from mailbox providers into actionable insights, allowing security teams to move from observation to enforcement with confidence.
For organizations operating multiple domains or using multiple Email Service Providers (ESPs), DMARCeye correlates data across all mail streams, making it easy to see where authentication fails and how to fix it. The platform also validates DNS records, alignment configurations, and policy changes in real time to prevent compliance gaps or accidental misconfigurations.
By offering continuous visibility and intelligent reporting, DMARCeye transforms DMARC implementation from a technical challenge into a manageable, measurable security initiative that directly protects your brand and customers.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.