What Is DMARC?
DMARC, also known as Domain-based Message Authentication, Reporting and Conformance, is a form of email authentication that builds on existing authentication protocols. These authentication protocols play an important role in protecting users from spammy or malicious email content.
We’ve previously covered other email authentication protocols including DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). In this post, we’ll cover DMARC, what it does, and how it compares to other email authentication methods.
What Is DMARC?
DMARC allows a recipient to confirm that an email is truly coming from the sender and is not a piece of spam or a phishing attack. It helps prevent email spammers from sending spoofed versions of your domain’s “header from” field (the “from” the subscriber sees in the inbox).
DMARC combines the power of two other email authentication methods: SPF and DKIM. It ensures that the email receiver blocks any kind of fraudulent email messages that may be coming from a specific domain.
How Does DMARC Work?
Like other email authentication methods, senders publish a DMARC policy in their Domain Name System (DNS) server. A DNS server essentially translates a domain name (such as “emailonacid.com”) into an IP address to find the correct site. Our friends at SendGrid have a more detailed explanation of DNS records here.
Within that DMARC policy, the sender specifies how its email is authenticated and what the receiving mail server should do if any email violates that policy.
When a message comes in to a receiving mail server, the server checks the DMARC policy for the domain in the “header from.” It then inspects the message’s DKIM signature and SPF. For DMARC to pass, the message must pass both DKIM and SPF and at least one of the two (DKIM or SPF) must align.
What does it mean to “align?” For SPF to align, the email’s return address (“envelope from”) and “from” domain must match. For DKIM to align, the email’s DKIM d=domain and “from” domain must match.
If the message does not pass DMARC, the policy will tell the receiving server what to do with the message. It may say to quarantine the message to a folder other than the inbox (like the spam folder) or reject it completely.
How Can I Check My DKIM and SPF?
Email on Acid’s Spam Testing feature offers SPF and DKIM testing. When you run a test, you will find it under the “Feedback Filters” column. The tool will tell you whether you fail or pass SPF and DKIM tests, and the result will look like this:
When testing for SPF and DKIM, you’ll want to make sure you use the seed list testing method (or “use my SMTP email server” if you have your own SMTP server), so Email on Acid gets results directly from your server. You can learn more about running a spam test here.
There is a third option for spam testing within Email on Acid: sending the test through our domain. While this may be a quick way to test, it won’t give you accurate information about your SPF and DKIM because the test will be sent using our domain (emailonacid.com), not yours.
What Does a DMARC Record Look Like?
A DMARC record is a specific TXT record in the DNS. It usually looks something like this:
Broken down, here’s what each piece of the record means:
- V – Version of the DMARC protocol
- Pct – Percentage of messages that are subject to filtering
- Rua – Where to send aggregate reports
- P – The preferred response to the DMARC policy. It could be p=reject or p=quarantine.
There are more details you can include in your record, such as addresses for forensic reports and responses for subdomains. DMARC.org has more info on those additional details here.
Receiving servers generate DMARC reports that can inform email senders how their messages are performing with the authentication protocols. There are two different kinds of DMARC reports, forensic and aggregate:
- Forensic reports include the individual messages that didn’t pass the DMARC authentication. This can help email senders find problems with the message to determine why it failed authentication.
- Aggregate reports give stats on overall messages sent and authentication results.
Learn More About Spam Testing and Deliverability
Want to absorb more email deliverability content? We’ve got plenty!
- Is 100% Deliverability Possible?
- What Is My SpamAssassin Score and What Does it Mean?
- Find and Fix Deliverability Issues
- What Is SPF?
- How Email Spam Tests Work and What You Can Do to Pass Them
- What Is DKIM?
Author: Melanie Graham
Born and raised in New England, Melanie has a background as a writer, editor and journalist. After roaming the U.S. as an expert vagabond, she’s landed in Denver as Email on Acid’s content manager. She’s a music nerd at heart who loves spending time at the piano.