Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an authentication policy published in the DNS and tells receivers what to do with unauthenticated email. DMARC uses a short entry in a domain's DNS zone file. Because DMARC-style alignment is widely used as a spam-filtering metric, publishing a basic DMARC policy should be a top priority.
What is DMARC?
- Allows senders to specify what actions they want a mailbox provider to take with unauthenticated email.
- Allows senders to request aggregated and anonymized data from ISPs about email that claims to be from their domains.
- Creates a way for ISPs to supply data in a standardized format. A standard format allows domain owners to monitor the spoofing of their domains and make informed decisions about how to handle spoofing. This action is attractive for commonly phished businesses such as banks, payment systems, and social media.
Note: DMARC does not allow senders to bypass spam filters.
DMARC-style alignment
DMARC-style alignment is used as a spam-filtering metric. Senders should prioritize signing their email with DKIM and SPF, align the email correctly, and publish a basic DMARC policy.
An email must come from the domain that it says it comes from. DMARC alignment occurs when either the return path or the DKIM d= value
is in the same domain space as the "friendly from" address.
In DMARC alignment, a message must pass:
- SPF authentication and SPF alignment
For SPF alignment,
RETURN-PATH
must match theFRIENDLY FROM
domain. - DKIM authentication and DKIM alignment
For DKIM alignment,
d= value
must matchFRIENDLY FROM
. - Both SPF and DKIM authentication and alignment
More information
For more information about DMARC policies, see the following websites:
What is BIMI?
BIMI, or Brand Indicators for Message Identification, is an emerging standard created to make it easier to display your logo next to your message in the inbox. BIMI is designed to prevent fraudulent emails, aid deliverability, and help your visibility. Learn more about BIMI.
For Acoustic-hosted domains, Acoustic adds a DMARC record into your DNS. You can review and update the DMARC settings by accessing the DMARC setting page for your domain from Settings > Administration > Email domains > DMARC settings.