DMARC

A technical protocol that defines how to handle emails that fail SPF and DKIM authentication checks using a domain-level policy.

DMARC is an email authentication protocol designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. It builds upon the SPF and DKIM protocols by adding a reporting function and a policy enforcement layer. This allows senders to instruct receivers on how to handle messages that fail authentication checks.

How it works

The protocol is implemented via a TXT record published at the _dmarc subdomain in the domain's DNS settings. This record contains tags such as p (policy) and rua (reporting URI). When an email is received, the mail server checks whether the message passes SPF or DKIM and whether the domain that passed aligns with the domain in the visible From: header. If neither check passes with alignment, the server follows the instruction defined in the DMARC policy: none, quarantine, or reject.

DMARC provides visibility into email traffic through aggregate reports. These reports help administrators identify legitimate third-party services sending mail on their behalf and detect phishing campaigns. Transitioning to p=reject ensures that only authorized mail reaches the recipient's inbox, significantly reducing the risk of business email compromise (BEC) attacks.

  • none: used for initial data collection and monitoring; the message is delivered normally while reports are gathered;
  • quarantine: sends unauthenticated mail to the recipient's junk folder;
  • reject: instructs the receiving server to drop unauthenticated mail entirely.
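The record parsing, alignment check and policy lookup described above, as an added example that is not part of the original page. It assumes the _dmarc TXT record has already been fetched from DNS and that the SPF and DKIM verification results (pass/fail plus the domain each one authenticated) are supplied by the caller; the records and messages used in it are constructed, and the organizational-domain helper is a deliberate simplification of what real receivers do with the Public Suffix List.

```python
"""Parse a DMARC TXT record and work out the disposition a receiver would apply.

Added example, not from the original page. Assumptions: DNS lookup and the
SPF/DKIM checks have already run; their results are passed in. All sample
records and addresses below are constructed.
"""
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import Optional

VALID_POLICIES = {"none", "quarantine", "reject"}


@dataclass
class DmarcRecord:
    policy: str                      # p= tag, applies to the record's own domain
    subdomain_policy: str            # sp= tag, applies to subdomains (defaults to p)
    adkim: str = "r"                 # DKIM alignment mode: r = relaxed, s = strict
    aspf: str = "r"                  # SPF alignment mode
    pct: int = 100                   # percentage of failing mail the policy applies to
    rua: list = field(default_factory=list)   # aggregate report URIs
    ruf: list = field(default_factory=list)   # forensic report URIs


def parse_dmarc(txt: str) -> DmarcRecord:
    """Parse text such as 'v=DMARC1; p=reject; rua=mailto:dmarc@example.com'."""
    if not txt.strip().lower().startswith("v=dmarc1"):
        raise ValueError("record must begin with v=DMARC1")
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    sub = tags.get("sp", policy).lower()
    if sub not in VALID_POLICIES:
        raise ValueError(f"invalid sp= tag: {sub!r}")
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")
    uris = lambda key: [u.strip() for u in tags.get(key, "").split(",") if u.strip()]
    return DmarcRecord(policy=policy, subdomain_policy=sub,
                       adkim=tags.get("adkim", "r").lower(),
                       aspf=tags.get("aspf", "r").lower(),
                       pct=pct, rua=uris("rua"), ruf=uris("ruf"))


def from_header_domain(from_header: str) -> str:
    """Domain of the visible From: header, the domain DMARC protects."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower()


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels (assumption:
    a real receiver consults the Public Suffix List instead)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Relaxed alignment needs the same organizational domain; strict needs exact match."""
    if not auth_domain:
        return False
    auth, frm = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)


def evaluate(record: DmarcRecord, record_domain: str, from_domain: str,
             spf_pass: bool, spf_domain: Optional[str],
             dkim_pass: bool, dkim_domain: Optional[str]) -> dict:
    """DMARC passes if SPF or DKIM passed AND that identifier aligns with From:.
    On failure the disposition is p= (or sp= when From: is a subdomain)."""
    spf_ok = spf_pass and aligned(spf_domain, from_domain, record.aspf)
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, record.adkim)
    if spf_ok or dkim_ok:
        return {"result": "pass", "disposition": "none"}
    is_sub = from_domain.lower() != record_domain.lower()
    policy = record.subdomain_policy if is_sub else record.policy
    return {"result": "fail", "disposition": policy}


if __name__ == "__main__":
    rec = parse_dmarc("v=DMARC1; p=reject; sp=quarantine; adkim=s; "
                      "rua=mailto:dmarc@example.com")
    # Legitimate bulk mail: SPF passed on a bounce subdomain, relaxed aspf aligns it.
    print(evaluate(rec, "example.com", from_header_domain("Alice <alice@example.com>"),
                   True, "bounce.example.com", False, None))
    # Spoof: attacker's own SPF and DKIM pass, but neither aligns with example.com.
    print(evaluate(rec, "example.com", from_header_domain("CEO <ceo@example.com>"),
                   True, "attacker.test", True, "attacker.test"))
```

The second call shows why alignment matters: SPF and DKIM both "pass" for the sender's own infrastructure, yet DMARC still fails because neither authenticated domain matches the From: header, so the receiver applies p=reject.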