Domain-based message authentication reporting and conformance or DMARC is an open protocol to prevent phishing attacks via impersonation.


DMARC compiles the signals from SPF and DKIM to existing technologies, SPF allows the domain owner to specify which IP addresses are authorized to send  an email on their behalf, DKIM uses an encrypted signature to verify if an email sender is who they say they are and gives the key to the recipient to check back with the sender’s DNS records.


They both produce individual authentication identifiers that help validate email in different ways if you have implemented SPF and DKIM the receiving server can identify who an email is from but does not know if all your traffic is properly configured so cannot act on this knowledge.

DMARC combines the results of SPF and deacon to accurately identify if an email is from either an authorized sender or a fraudulent impersonator and can therefore actively block phishing attacks by enforcing a policy

With DMARC you can instruct receiving servers on how to deal with emails that use your domain by setting your DMARC policy/

  • To accept all email policy =none,
  • Send an email that fails validation to spam policy =quarantine,
  • Actively reject all unauthorized email policy=reject.

Initially when you start – you see DMARC it delivers compliance reports but does not send emails to spam or reject it these reports can then be analyzed by onDMARC to help fix your SPF and DKIM configuration after which you can switch your DMARC policy to actively reject the malicious email.

The compliance reports only contain information about the sending and receiving email service an SPF DKIMand DMARC validation status so no sensitive email data is ever shared.

Find out if your domain is secure at OnDMARC and start blocking fraudulent email today OnDMARC actively blocked phishing attacks increased email deliverability. To learn Digital Marketing and Email Marketing, join our Digital Marketing Bootcamp.