What is DMARC and What Do the Recent Changes Mean for Email Marketers?

What is DMARC and What Do the Recent Changes Mean for Email Marketers?
28 Dec 2020

What is DMARC and What Do the Recent Changes Mean for Email Marketers?

DMARC (Domain-based Message Authentication Reporting and Conformance) is a policy to protect users from spam and phishing emails.To describe DMARC in more precise, scientific terms, it is message authentication, reporting, and domain name-based compliance checking.


DMARC was launched in 2010 as an anti-phishing tool. It was supported by e-mail providers Hotmail, Yahoo! Mail, AOL, Comcast, GMail, Netease and Newsletter Senders American Greetings, Bank of America, Facebook, Fidelity, JPMorgan Chase & Co., LinkedIn, PayPal.

How DMARC Works

Imagine you are sending out a bulk email. In this case, it is important for an email provider, to know that you have allowed sending letters on your behalf. That letters from your domain are sent by you, and not by some scammer.DMARC regulates this process. It tells the server what to do with the message if the DKIM and SPF records are incorrect. Correct DKIM and SPF confirm that the letter was actually sent from the domain specified in the "From:" field in the letter. Even if the email is technically sent from other servers and not from your mail server.Thus, DMARC is responsible for mail authentication. That is, for the sender's authentication procedure.

Let's see how exactly DMARC does this.

DMARC is a protocol that records what to do with a message after reading DKIM and SPF records. DKIM and SPF are entries in the mail domain settings. They tell the email provider what to do with the email they receive.

DKIM works like this: the letter contains encrypted data about who sent the letter and when. The postal provider (Gmail) receives this data along with the letter. The provider decrypts them using the public key posted on the domain from which the letter was sent. If the data match, it means that this is an honest sender, the letter can be sent to the "Inbox". If not - a fraudster, the letter is sent to "Spam".

What DMARC does:

To understand better, let's see how these protocols work when sending a regular mailing list.

How is sending and receiving a letter going today:

1. The letter has been sent;

2. The sending server assigns DKIM to each message;

3. The letter was received by the recipient's provider;

4. The provider checks the reputation of the domain, the entry of email and domain into black lists, the IP addresses of the servers from which the letter was sent. As part of this check:

- The ISP decrypts and verifies the DKIM. Is the letter sent from this domain exactly, or is it a fake?

- The ISP decrypts and verifies the SPF. Is it allowed to send letters from this domain to this IP?

- The ISP applies the policy specified in DMARC. In DMARC it is written to send to "Spam" those whose DKIM does not match and send a report about this to the domain administrator.

5. Standard spam filters are applied to the message.

6. There are three options for the development of events after:

- The letter is missed and goes to the recipient's Inbox. If DKIM and SPF are ok and spam filters passed.

- The letter has been added to quarantine (in "Spam"). If the DKIM does not match and / or the spam filters are not passed.

- The letter was rejected (not delivered). Individual reasons: for example, the user's mailbox is clogged.

7. After the letters are distributed, an automatic report is generated and sent to the sender, where it is written what happened to the sent letters.

How to set up DMARC

To set up DMARC, you need:

We have listed the most common entries in the examples. You can just copy the entry from there.

You need to find the section in your hosting where TXT records are edited. A TXT record is a type of text-formatted DNS record that tells external sources what to do. For example, it confirms ownership of the domain. Or, like DMARC, it tells mailers what to do with emails from this domain.

Examples of DMARC records and what they mean

You can simply copy the entry that suits your task. If something does not work out - contact the Customer Care Service, they will certainly help you.

Example 1. What to write in DMARC if you do not send mailings.

If you have a small site, you do not do bulk mailing and only use corporate mail, a basic DMARC record is enough for you.

Example 2. What to write in DMARC if you do mailings

If you do mailings, you need to register DMARC so that you receive a report on dispatches and the policy to specify none, since you do not yet know what other letters are sent from your domain. If you set quarantine you can send good, but incorrectly configured emails to "Spam".

Example 3. Reject all messages that do not pass DMARC check

Such an entry will mean that all letters that do not have the same DKIM will not be delivered. You can write it if you are sure that only you send letters and everything is configured correctly. You will not receive reports.

Example 4. Reject all messages that did not pass the DMARC check and send all reports

Write such a note in a situation where you know for sure that you have been hacked. And they send letters on your behalf. But first make sure DKIM is configured.

DKIM / SPF do not work correctly if:

Optional DMARC Tags

In addition to the required tags, you can specify additional tags. They will indicate which reports and where to send, or to what percentage of emails to apply the policy. These are the optional tags: