Glossary

DMARC

DMARC builds on SPF and DKIM to tell receivers how to handle mail that fails authentication and sends you reports on abuse of your domain.

DMARC (Domain-based Message Authentication, Reporting and Conformance) ties spf and dkim together into an enforceable policy and gives domain owners visibility into who is sending mail as their domain.

How it works

A txt-record at _dmarc.example.com declares the policy:

v=DMARC1; p=reject; rua=mailto:[email protected]

Alignment — the visible From: domain must match the authenticated SPF/DKIM domain.
Policy (p) — none (monitor), quarantine, or reject.
Reporting (rua) — where to send aggregate reports.

Why it matters for hosting

DMARC is what actually stops spoofing of your domain, and major mailbox providers now require it for bulk senders. The recommended path is to start at p=none, study the reports to confirm all legitimate sources pass spf and dkim, then tighten to quarantine and finally reject.

See also

SPF (Sender Policy Framework) SPF is a DNS TXT record listing which servers may send email for your domain, helping receivers reject forged messages and spam. DKIM (DomainKeys Identified Mail) DKIM cryptographically signs outgoing email so receivers can verify it truly came from your domain and was not altered in transit. TXT Record A TXT record stores arbitrary text in DNS, widely used for domain verification and email authentication policies like SPF, DKIM, and DMARC. MX Record An MX record is the DNS entry that directs a domain’s email to the correct mail servers, with priority values choosing primary and backups.

← All terms