DMARC

  • 1 minute(s) read
Prev Next

Overview

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM to protect your domain from spoofing, phishing, and other forms of email abuse. DMARC allows domain owners to publish policies that tell email receivers how to handle unauthenticated messages and request feedback on email authentication results.

By implementing DMARC, senders:

  • Standardize how their messages are authenticated.

  • Instruct mailbox providers on how to treat email that fails SPF and/or DKIM checks.

  • Receive reports on failed authentication attempts for analysis and improvement.

To configure DMARC for your Mapp Engage system, please contact your customer service representative.

Configuration and Behavior

1. What DMARC Does

  • DMARC uses SPF and DKIM results to evaluate incoming messages.

  • It focuses on the domain in the From Address — the domain your recipients see.

  • DMARC ensures alignment between:

    • The From Address domain, and

    • The domain used in SPF and/or DKIM.

  • If a message fails alignment, the policy defines whether it should be rejected, quarantined (marked as spam), or monitored.

Tip: With DMARC, using an invalid DKIM signature is treated the same as having no DKIM at all.

2. How DMARC Works

  1. A DMARC policy is published in your domain’s DNS as a TXT record.

  2. When a receiving server gets an email:

    • It checks the SPF and DKIM authentication results.

    • It evaluates whether the sender domain aligns with the From Address domain.

  3. Based on your DMARC policy, the server:

    • Accepts the message,

    • Sends it to the spam folder, or

    • Rejects it outright.

  4. The receiving provider sends aggregate and/or forensic reports to the domain owner detailing failures (called non-aligned emails).

3. Setting Up DMARC in Mapp Engage

General stels to implement DMARC:

  1. Develop your SPF and DKIM policies.
    Ensure both are configured and aligned with your From Address domain.

  2. Publish a DMARC record in your DNS.

  3. Monitor incoming reports to understand how your emails are being handled.

  4. Gradually adjust your policy as needed:

    • Start with p=none (monitoring only),

    • Move to p=quarantine (spam folder),

    • Then to p=reject (block unauthenticated messages) for full protection.

DMARC policies evolve — begin with monitoring and tighten controls based on the feedback you receive.

Important Notes

  • DMARC relies on SPF and DKIM being properly configured and aligned with your domain.

  • The DKIM and SPF domains must belong to the same organizational domain as the From Address.

  • Most major email providers support and respect DMARC policies.