DMARC guide
DMARC gives domain owners policy control and visibility. It relies on SPF and DKIM, but adds alignment checks and reporting so you can see who is using your domain.
DMARC alignment
DMARC requires either SPF or DKIM to pass with domain alignment. Alignment means the authenticated domain matches, or is an allowed subdomain match for, the visible From domain.
DMARC policies
| Policy | Use |
|---|---|
p=none | Monitor only. Start here. |
p=quarantine | Suggest suspicious mail be treated cautiously. |
p=reject | Strongest policy. Blocks unauthenticated mail when receivers honour it. |
Reporting
DMARC reports help you discover shadow senders, vendor misalignment and spoofing attempts. Aggregate reports are the main source of operational insight.
Rollout strategy
- Publish a monitoring record with
p=none. - Review reports and fix legitimate senders.
- Move gradually to quarantine.
- Move to reject only when confident you understand all authorised traffic.