DMARC (Domain-based Message Authentication)

DMARC builds on SPF and DKIM to define how receivers should handle unauthenticated mail. It is published as a TXT record at _dmarc.example.com and can enforce quarantine or rejection.

What DMARC controls

DMARC policies specify alignment and reporting. You can validate your policy with the DMARC check tool and cross‑check supporting TXT values using the TXT lookup tool.

Common mistakes

• Publishing the record at the root instead of _dmarc.
• Missing the required p= policy tag.
• Invalid reporting URIs or malformed tag syntax.
• Leaving p=none indefinitely with no enforcement plan.

How to check DMARC online

Use the DMARC checker to validate tags and policy. If you are building an email stack, run the Email DNS Check and review the SPF wiki for sender authorization details.

Practical examples

• v=DMARC1; p=none; rua=mailto:dmarc@example.com; adkim=r; aspf=r
• v=DMARC1; p=quarantine; pct=100; rua=mailto:reports@example.com

Related records

DMARC depends on SPF and DKIM (TXT records). Review the TXT guide and validate MX routing with the MX lookup tool.