Clean Email

>

Glossary

>

DMARC Record

What Is A DMARC Record In An Email?

Author David Morelo Updated on Oct 16, 2024

Definition

💡 A DMARC record is an important authentication protocol that allows the owners of email domains (such as gmail.com or company.org) to protect their domains from unauthorized use.

DMARC records are combined with other mail authentication protocols, namely Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), to provide a powerful defensive mechanism against threats like spoofing, phishing, and spam.

What does DMARC stand for?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. The name of this mail authentication protocol communicates the fact that it's designed to accomplish three goals:

  • Help email domain owners authenticate their email messages.
  • Generate reports on the authentication results.
  • Dictate how mail servers should handle emails that don't authenticate properly.

What does DMARC do?

In practice, DMARC prevents situations where a malicious attacker modifies the visible sender information (what you see when you receive a message in your favorite mail client) so that it appears to come from a trustworthy source, such as a well-known company or contact. Sadly, such modifications are extremely easy to perform using readily available tools like the infamous Emkei's Fake Mailer.

You can use a DMARC Report Analyzer to understand and analyze DMARC reports, making it easier to prevent email spoofing and phishing attacks. It ensures your emails are legitimate and improves your email security.

What does DMARC do?What does DMARC do?

The good news is that DMARC can cause all messages that don't pass the required authentication checks to be reported, quarantined, or even downright rejected.

What is a DMARC policy?

A DMARC policy is a set of instructions that receiving mail servers follow when they encounter a message that doesn't pass all SPF and DKIM verification checks. Three main DMARC policies exist:

  • p=none: This policy allows domain owners to receive reports on messages that fail SPF and DKIM checks without otherwise affecting their delivery.
  • p=quarantine: Under this policy, messages that fail SPF and DKIM verification checks are moved to the spam or junk folder, rather than being delivered to the recipient's main inbox.
  • p=reject: The strictest of the three, this policy instructs receiving mail servers to outright reject messages that fail SPF and DKIM checks.

These policies can be applied as either "strict" or "relaxed." The difference is that the former requires an exact domain match, while the latter doesn’t.

How does DMARC work?

Here's a high-level overview of how the DMARC authentication process and subsequent policy enforcement work:

  1. A user sends an email that claims to be from a certain domain.
  2. The receiving email server checks if the domain has a published DMARC record in the DNS.
  3. If a DMARC record is found, the server verifies the email's authenticity using SPF and DKIM.
  4. If the email passes both SPF and DKIM, it's considered legitimate. If it fails either or both, the server applies the DMARC policy specified in the record (none, quarantine, or reject).
  5. In any case, the receiving server sends feedback reports to the domain owner with information about which emails passed or failed authentication.

Related content

Related terms

Try Clean Email for Free
*****4.4based on 1011 user reviews
Get Started
InboxClean Your Mailbox

Tools like Quick Clean and Smart Views to help you quickly clean out an overloaded inbox

Mute unwanted emailsUnsubscribe

Keep unwanted emails out of your Inbox by unsubscribing - even from email lists that don’t have an unsubscribe link

Clean your emailsKeep it Clean

Automate repetitive with Auto Clean rules to archive emails as they become old or sort them into folders

Background
Use filters to find emails you want to clean.Arrow
Screener FeatureArrow
UnsubscribeArrow
Auto CleanArrow
Sender SettingsArrow