What is DMARC and How to Use It

May 8, 2023 | Blog, DMARC, Security

While emails have become a critical part of our daily lives, they have also become a major target for cybercriminals who use email spoofing and phishing attacks to steal personal information and spread malware. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to combat these attacks by actively verifying the authenticity of email messages.

In this article, we’ll explore what DMARC is, how it works, and how you can implement DMARC policies to improve the security and deliverability of your email communication.

What is DMARC?

DMARC is an email authentication protocol that works by using two other email authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to verify the authenticity of an email message. SPF checks the IP address of the email sender against a list of authorized IP addresses published in the DNS records of the domain, while DKIM uses a cryptographic signature to verify that the email was not modified in transit and was sent by an authorized sender.

Once the email has been authenticated using SPF and DKIM, DMARC provides a policy for what action should be taken based on the authentication results. The DMARC policy can be set to three different actions: none, quarantine, or reject.

How to Implement DMARC Policies

To implement DMARC policies, you need to publish a DMARC record in your domain’s DNS records. The DMARC record specifies the policy that should be applied to emails that fail authentication, as well as the email address where DMARC reports should be sent.

To publish a DMARC record, you’ll need to create a TXT record in your domain’s DNS records. The TXT record should contain the DMARC policy, which consists of three parts: the policy type, the email address where DMARC reports should be sent, and the percentage of emails that should be subjected to the policy.

For example, the following DMARC policy instructs receiving mail servers to reject any emails that fail authentication and send DMARC reports to dmarc@example.com for 100% of emails:

v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100;

Common DMARC Policy Errors

When implementing DMARC policies, there are several common errors that can cause issues with email delivery. These include:

  • Not publishing a DMARC record at all
  • Setting the policy type to “none” instead of “reject”
  • Not specifying an email address for DMARC reports
  • Setting the percentage of emails subjected to the policy to 0%

To avoid these errors, it’s important to carefully review your DMARC policy before publishing it, and to test it using DMARC reporting tools to ensure that it’s working correctly.

How to Interpret DMARC Reports

DMARC reports provide valuable insights into your email traffic, including which emails are authenticating and which are not. To interpret DMARC reports, you’ll need to use a DMARC reporting tool like MXtoolbox which can parse the DMARC reports and provide you with easy-to-read charts and graphs.

Using DMARC to Improve Email Deliverability

In addition to improving email security, DMARC can also be used to improve email deliverability by ensuring that legitimate emails are not blocked or sent to spam. By implementing DMARC policies correctly and monitoring DMARC reports, you can identify and fix issues that may be causing emails to be marked as spam or blocked by receiving mail servers.

DMARC policy examples

1. DMARC policy set to “none”

"v=DMARC1; p=none; rua=mailto:dmarc_reports@yourdomain.com"

This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “none” means that the receivers should take no action against emails that fail DMARC checks.

2. DMARC policy set to “quarantine”


"v=DMARC1; p=quarantine; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “quarantine” means that the receivers should send emails that fail DMARC checks to the spam or junk folder.

3. DMARC policy set to “reject”

"v=DMARC1; p=reject; rua=mailto:dmarc_reports@yourdomain.com"
This DMARC policy instructs receivers to send DMARC aggregate reports to the email address specified in the rua tag. The policy set to “reject” means that the receivers should reject emails that fail DMARC checks and not deliver them to the recipient’s inbox.

It’s important to note that DMARC policies should be implemented gradually, starting with a policy set to “none” to allow for monitoring and adjustment of the policy before moving on to “quarantine” or “reject”. This ensures that legitimate emails are not blocked or sent to spam by mistake. It’s also important to regularly review DMARC reports to identify any issues and make necessary adjustments to the policy.

Need reporting software?

The best thing about DMARC is the reporting. You can get reports whenever unaligned e-mails are identified by e-mail providers which helps you to debug any deliverability issues.

We recommend going with some of the big guys like dmarcian who support automatic, aggregated reports showing you in detail how your e-mails are delivered.


DMARC is an essential tool for anyone who wants to improve the security and deliverability of their email communications. By implementing DMARC policies correctly and monitoring DMARC reports, you can actively protect your domain from email spoofing and phishing attacks, ensuring secure and reliable email communication. Invest in DMARC to safeguard your organization’s reputation and maintain trust with your recipients in the ever-evolving landscape of email security.

Heysender blog

Read our other blog entries to get new inspiration for your transactional emails.

How a Deliverability Audit Can Save Your Email Marketing Efforts

Investing significant time and effort into crafting compelling email marketing campaigns can be rendered ineffective if those messages fail to reach their intended recipients.  Unfortunately, this scenario is not uncommon. Emails can be relegated to spam folders or...

How Honeypots and Spam Traps Can Sabotage Your Email Campaigns

Ever hit send on a perfectly crafted email campaign, only for it to vanish into the abyss? As an email sender, you live in fear of spam filters and low deliverability rates. Beyond the well-known challenges of spam filters, have you considered the potential impact of...

Unleash the Power of Automation: Using Webhooks in Your Email Platform

Ever wished your email platform could talk to your other business tools? Well, with webhooks, it practically can! Webhooks are a game-changer for email marketers, offering real-time notifications and automated workflows that streamline your campaigns and boost...

The Pitfalls of “No Reply” Emails: Why Engagement Matters

Whether it's a confirmation of a purchase, a receipt for a service, or a password reset, transactional emails play a crucial role in maintaining customer relationships and providing essential information. However, there's a pervasive practice that has found its way...

Optimizing Email Deliverability: The Importance of Domain Warm-Up

In the context of transactional emails, where timely and critical information is exchanged between businesses and users, ensuring deliverability is paramount. Transactional emails, such as order confirmations, account notifications, and password resets, play a pivotal...

The Power of Metrics in Transactional Emails

Transactional emails play a crucial role in fostering customer relationships and facilitating smooth business operations. Unlike marketing emails, which aim to promote products or services, transactional emails are triggered by specific user actions, such as account...

Harnessing the Power of Transactional Emails: Types, Examples and Best Practices

In the ever-evolving landscape of digital communication, transactional emails have emerged as a crucial component in maintaining a seamless and efficient interaction between businesses and their customers. Unlike promotional emails, which aim to market products or...

Boosting Email Visibility: How to Stand Out in the Inbox with BIMI

With inboxes flooded with emails daily, it's crucial for businesses to find innovative ways to capture the attention of their recipients. One effective solution gaining traction is the use of BIMI (also known as Brand Indicators for Message Identification). In this...

New Steps in our Data Security Efforts: Heysender Completes ISAE 3000 Revision

Heysender Gets ISAE 3000 Report The ISAE 3000 report investigates how employees in the organization treats and stores your data, and how GDPR processes are communicated and followed in the daily work.  The revision and report are carried out by an external accountant....

Navigating Web Hosting: Dedicated IP vs. Shared IP

When it comes to web hosting and managing online presence, understanding the nuances of IP (Internet Protocol) addresses is paramount. In the world of web hosting, IP addresses are categorized into two main types: Dedicated IP and Shared IP. These two types play a...