DMARC Record: What It Is & How It Works
A DMARC record is a DNS text entry that tells receiving mail servers what to do with emails that fail authentication checks — and where to send reports about those failures. It’s part of the foundation of email security and deliverability, sitting above two other authentication protocols it depends on: SPF and DKIM.
DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an open email authentication protocol that provides domain-level protection of the email channel. A DMARC record is a special text entry — known as a DNS TXT record — that lives in a domain’s DNS settings, acting like a set of instructions for receiving mail servers.
The simplest way to think about it: DMARC is the policy layer. SPF and DKIM do the actual authentication work. DMARC reads their results and decides what happens next — deliver the email, quarantine it, or reject it outright.
What DMARC Builds On: SPF and DKIM
DMARC doesn’t authenticate emails on its own. It works by layering on top of two existing standards.
SPF (Sender Policy Framework) specifies which IP addresses are authorised to send email on behalf of a domain. SPF records list the IP addresses of every server allowed to send email from the domain, much like a publicly available employee directory that helps confirm whether an email actually came from an authorised source.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, allowing the receiving server to verify the message hasn’t been tampered with in transit.
DMARC tells a receiving email server what to do with the results of its SPF and DKIM checks: it can instruct mail servers to quarantine emails that fail SPF or DKIM, to reject them, or to deliver them regardless. Without DMARC, even if SPF or DKIM fails, the receiving server has to make its own judgment call. DMARC removes that ambiguity.
The Three DMARC Policy Settings
The most critical part of a DMARC record is its policy tag p=, which tells receiving servers exactly what to do with a failing email.
There are three options:
- p=none — Take no action. Emails still get delivered, but reports are sent. This is the starting point — a monitoring mode used to understand current email traffic before enforcing anything.
- p=quarantine — Move suspicious emails to the spam or junk folder instead of the inbox. A middle ground that protects recipients without outright rejecting mail.
- p=reject — Block the email entirely. The strictest setting and the end goal for most domains that want full protection against spoofing.
A typical DMARC record looks like: v=DMARC1; p=quarantine; rua=mailto:example@domain.com — where v=DMARC1 identifies the record as a DMARC policy, p=quarantine sets the policy, and rua= specifies where aggregate reports should be sent.
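The record format above can be checked mechanically before it is published. The following is an added example, not code from the original article: the function names parse_dmarc and review are hypothetical, and the second sample record is constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict, checking the version tag."""
    tags, order = {}, []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        name = name.strip().lower()
        tags[name] = value.strip()
        order.append(name)
    # RFC 7489 requires v=DMARC1 to be the first tag in the record
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    return tags

def review(txt):
    """Return (policy, aggregate_report_uris, findings) for one record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    # rua= holds a comma-separated list of report destinations
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if not rua:
        findings.append("no rua=: no aggregate reports will be sent")
    return policy, rua, findings

if __name__ == "__main__":
    # The record from the article, then a constructed monitoring-only record
    for record in ("v=DMARC1; p=quarantine; rua=mailto:example@domain.com",
                   "v=DMARC1; p=none"):
        print(record, "->", review(record))
```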
DMARC Reporting
One of DMARC’s most underrated features is its built-in feedback loop. The DMARC record enables reports to be sent back to the domain owner about which messages are authenticating and why — providing a way to see how email claiming to come from a domain is being authenticated, and whether those messages are passing or failing checks.
These reports come in two types. Aggregate reports (RUA) are daily summaries from inbox providers showing all email activity using the domain — which IPs are sending, what’s passing, what’s failing. Forensic reports (RUF) are real-time alerts triggered by individual authentication failures, containing more detailed message data.
Most organisations start with p=none and use aggregate reports to map all their legitimate sending sources before tightening policy. Moving to p=reject without that groundwork can accidentally block legitimate email.
Why DMARC Matters for Email Marketing
DMARC isn’t just an IT security measure — it has direct implications for email marketers too. In 2024, Google and Yahoo introduced requirements mandating DMARC implementation for bulk senders sending more than 5,000 emails daily, to maintain inbox deliverability.
Without a published DMARC record, bulk emails face a higher risk of being filtered or blocked by major inbox providers.
Beyond compliance, a strong DMARC setup protects brand reputation by ensuring only authorised senders can send email from a domain — preventing phishing campaigns and spoofing attacks that impersonate a business to its own customers.
A brand whose domain is being spoofed suffers both security and deliverability damage, even if the fraudulent emails have nothing to do with its own campaigns.
Key Takeaways
- A DMARC record is a DNS TXT entry that instructs receiving mail servers on what to do — deliver, quarantine, or reject — when emails fail SPF and DKIM authentication checks.
- It has three policy settings: none (monitor only), quarantine (send to spam), and reject (block entirely) — most domains start at none before gradually moving to enforcement.
- DMARC also sends aggregate reports to a specified email address, providing data about all messages seen from the domain — giving senders visibility into who is sending on their behalf and whether authentication is passing.
- Since 2024, Google and Yahoo require DMARC records for bulk senders, making it a baseline requirement for reliable inbox delivery, not just a security nice-to-have.
- DMARC works alongside SPF and DKIM — all three need to be in place and properly configured for full email authentication coverage.