logo

Let's Be DMARC Compliant

[email protected]

Meet GoDMARC, To save your domain from spoofing and phishing attacks.

GoDMARC Breadcrumb

What is a DMARC policy?

Domain-based message authentication is what DMARC stands for, Reporting, and Conformance. It is a protocol that allows domain owners to control and protect their email domain from unauthorized use, such as phishing, spoofing, and other types of email fraud.

A DMARC policy is a set of instructions that a domain owner publishes in the Domain Name System (DNS) to specify how receiving email servers should handle email messages that claim to come from their domain. The DMARC policy tells receiving email servers whether to accept, reject, or quarantine emails that fail DMARC authentication checks.


dmarc policy xml

The DMARC policy includes rules for:

  • How to authenticate incoming email messages using SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) protocols.
  • How to handle email messages that fail DMARC authentication checks, such as reject, quarantine, or deliver with a warning message.
  • How to send aggregate reports on DMARC authentication results to the domain owner, which helps identify and stop email fraud attempts.
  • By publishing a DMARC policy, domain owners can protect their brand reputation, improve email deliverability, and reduce the risk of phishing and other types of attacks.

What does a DMARC policy do?

A DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy is an email authentication protocol that is used to protect email domains from unauthorized use or spoofing. The DMARC policy allows the domain owner to specify which email servers are authorized to send emails on behalf of their domain.

When a DMARC policy is implemented, incoming emails are checked to ensure that they come from an authorized server. If an email fails the DMARC check, it can be rejected or marked as spam, depending on the policy that has been set up.

DMARC policies help prevent email phishing and spoofing attacks, which are commonly used by cybercriminals to trick recipients into disclosing sensitive information or downloading malware. By implementing a DMARC policy, organizations can improve the security of their email communications and protect their brand reputation.

with dmarc without dmarc
dmarc policy - GoDMARC

What are the types of DMARC policy?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a policy framework that allows domain owners to specify how they would like email receivers to handle unauthenticated emails that claim to be from their domain. There are three types of DMARC policies:

  • None: This policy is used to monitor emails that claim to be from the domain but have not been authenticated. Under this policy, email receivers will send DMARC reports to the domain owner, which will provide information on how many emails have been received and how many have passed or failed DMARC checks.
  • Quarantine: This policy instructs email receivers to place unauthenticated emails in the recipient's spam or junk folder. Under this policy, the email is still delivered to the recipient, but it is flagged as potential spam.
  • Reject: : This policy instructs email receivers to reject unauthenticated emails that claim to be from the domain. Under this policy, the email is not delivered to the recipient, and the sender receives a bounce message indicating that the email was rejected.

Domain owners can choose the level of DMARC policy that they want to implement based on their specific needs and security requirements.

Which DMARC policy should you use and why?

GoDMARC DKIM

When it comes to DMARC policies, there isn't a one-size-fits-all solution. The policy you should use depends on your specific needs and email practices. Here are the three DMARC policies to choose from:

  • None: This policy is useful when you're just starting to implement DMARC. It lets you monitor your email traffic and gather data on who is sending emails on behalf of your domain, without impacting email delivery. With this policy, you'll receive DMARC reports that show how your emails are being handled by receivers.

  • Quarantine: This policy tells receivers to quarantine emails that fail DMARC checks, which means the email will be sent to the spam folder. This policy is useful when you're confident that your email practices are legitimate and you want to start protecting your domain from email spoofing and phishing attacks.

  • Reject: This policy tells receivers to reject emails that fail DMARC checks, which means the email will be rejected outright and not delivered to the recipient's inbox. This policy is useful when you're confident that your email practices are legitimate and you want to enforce strict policies to protect your domain from email spoofing and phishing attacks.

  • In summary, you should choose the DMARC policy that best fits your email practices and risk tolerance. If you're just starting to implement DMARC, the None policy is a good place to start. If you're confident in your email practices and want to start protecting your domain from email spoofing and phishing attacks, Quarantine or Reject policies are good choices.

dmarc policy stages

Which DMARC policy prevents spoofing?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies are used to prevent email spoofing and protect against phishing attacks. There are three possible DMARC policies that a domain owner can specify: "none", "quarantine", and "reject". Of these three policies, both "quarantine" and "reject" are designed to prevent spoofing.

The "quarantine" policy instructs email receivers to treat emails that fail DMARC authentication as potentially suspicious and to deliver them to the recipient's spam or junk folder. This policy allows the domain owner to monitor potential spoofing attempts without completely blocking the email.

On the other hand, the "reject" policy instructs email receivers to reject emails that fail DMARC authentication outright. This policy provides a higher level of protection against spoofing, as it ensures that any email that fails authentication will not be delivered to the recipient's inbox.

So, while both "quarantine" and "reject" policies can help prevent email spoofing, the "reject" policy is more effective at preventing fraudulent emails from being delivered to the recipient.

DMARC

Look Up DMARC Record

Learn More
DKIM

Look Up DKIM Record

Learn More
BIMI

Look Up BIMI Record

Learn More
SPF

Look Up and validate SPF Record

Learn More