Siggly LogoSiggly
Glossary

DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication policy protocol that builds on SPF and DKIM. It allows domain owners to specify how receiving servers should handle messages that fail authentication checks, and provides reporting on email authentication results.

Key Aspects

Policy Enforcement

Tells receiving servers whether to reject, quarantine, or accept emails that fail SPF/DKIM checks.

Reporting

Provides aggregate and forensic reports on email authentication results for your domain.

Phishing Defense

Prevents attackers from sending emails that appear to come from your domain.

Gradual Deployment

Supports a phased rollout from monitoring (p=none) to quarantine to full rejection (p=reject).

How DMARC Works

1

Publish a DMARC Record

Add a DNS TXT record at _dmarc.yourdomain.com specifying your policy (none, quarantine, or reject) and a reporting email address.

2

Receiving Server Checks

When an email arrives, the receiving server checks SPF and DKIM, then looks up the DMARC record to determine the domain's policy.

3

Alignment Verification

DMARC verifies that the domain in the From header aligns with the domains authenticated by SPF and/or DKIM.

4

Policy Application & Reporting

The receiving server applies the DMARC policy (none/quarantine/reject) and sends authentication reports back to the domain owner.

Frequently Asked Questions

What are the three DMARC policy levels?
p=none (monitor only, take no action), p=quarantine (move failures to spam/junk), and p=reject (block failures entirely). Organizations typically start at none and progress to reject.
Does DMARC require both SPF and DKIM?
DMARC requires that at least one of SPF or DKIM passes and aligns with the From domain. Best practice is to implement both for maximum protection.
What are DMARC aggregate reports?
Aggregate reports (RUA) are XML files sent daily by receiving servers, showing authentication results for all emails sent from your domain. They help identify unauthorized senders and authentication issues.
Can email signature tools break DMARC alignment?
Tools that modify emails after sending can break DKIM, which may cause DMARC failures. Siggly integrates with your email platform to apply signatures before authentication, maintaining full DMARC compliance.

Try Siggly Free

Start managing your team's email signatures today.