DMARC

by Brandon Summers-Miller
What is DMARC and why is it important as a software feature? Our G2 guide can help you understand DMARC, how it’s used by industry professionals, and its benefits.

What is DMARC?

DMARC, short for “domain-based message authentication, reporting, and conformance,” is an email security measure that enables users to protect their email domain from unauthorized use, also known as email spoofing.

Types of DMARC

Organizations can implement three primary DMARC policies to protect themselves from email spoofing. Each is expressed as a “p=” tag, short for “policy equals,” in the domain’s DMARC record. This tag tells receiving mail servers which DMARC policy they are meant to enforce. They are:

  • p=none: This DMARC policy, sometimes called the “monitor” policy, instructs the recipient’s email provider not to take any action if a received email fails DMARC. The receiving server accepts the email regardless, and the message is delivered to the recipient.
  • p=quarantine: This type of DMARC policy still allows emails that fail DMARC to be sent to the intended recipient; however, the message is segregated from the primary inbox and sorted into its own folder. This often takes the form of a spam folder.
  • p=reject: This policy blocks any email that fails DMARC. The message is withheld from the receiving server and never delivered to the intended recipient.

Benefits of using DMARC

There are several benefits to implementing a DMARC policy, which include:

  • Better protection: Implementing a DMARC policy makes it more difficult for bad actors to successfully target end users and harvest their personally identifiable information (PII) or other sensitive information.
  • Increased trust: Organizations that put DMARC policies into effect make it harder for their branding to be used in phishing and email spoofing attacks, protecting their brand’s reputation. Making it more difficult for attackers to create attacks using another brand’s logos and identities helps create more trust on the internet. 
  • Improved deliverability: When organizations implement a DMARC policy, emails sent from their domains are more likely to reach end users' inboxes. Increased deliverability rates translate to more exposure for brands and organizations and often more sales.

Basic elements of DMARC

DMARC includes the following elements:

  • Alignment: Emails have two distinct parts, similar to physical letters: the envelope sender, a digital envelope a server creates to route the sender’s message, and the “From” address. 
    DMARC alignment ensures that the domain in an email's “From” header matches the domain the envelope sender used. Ensuring these two domains match reduces the likelihood of email spoofing.
  • Reporting: A critical aspect of DMARC is reporting: receiving mail servers send DMARC analytics back to the owner of the domain from which emails were sent.
    These reports include information on the authentication statuses of emails sent from the owner’s domain, such as the percentage of emails sent from the owner’s domain that passed or failed DMARC evaluations.
    DMARC reports also include information on how the owner’s domain is being used, which helps domain owners monitor and combat email spoofing and protect their brands’ reputations.

DMARC best practices

In order to most effectively implement a DMARC policy, follow these best practices:

  • Follow the standard enforcement route: Gradually escalating a domain’s DMARC response is a good practice for domain owners who have recently implemented a DMARC policy. 
    By progressing from a p=none policy to a p=quarantine policy and, finally, to a p=reject policy, domain owners can experience how their DMARC policy can protect their domain and determine which is best for their organization’s needs.
  • Pay attention to inactive domains: Just because a domain is inactive doesn’t mean it’s safe from spoofing attempts. In reality, malicious actors may target static domains as they are more likely not to be actively monitored or protected by a DMARC policy.

DKIM vs. SPF vs. DMARC

Though closely related, DMARC, SPF, and DKIM differ.

DomainKeys Identified Mail (DKIM) is a cryptographic protocol that authenticates emails itself. This protocol leverages public key infrastructure (PKI), allowing domains sending messages to “sign” emails with their private key.

Receiving servers then check the email signature, stored in a DKIM record, for the sender’s private key and then decipher the message using the sender’s public key. The ability to decipher the message using matching public and private keys authenticates the domain from which the email claims to have been sent.

Sender Policy Framework (SPF) is a method domains use to cache servers from which they send emails. Doing so allows domains to determine whether or not a particular server is authorized to deliver their mail.

DMARC is an email authentication protocol that protects domains from being spoofed in various attacks, including phishing attempts. Unlike DKIM, DMARC doesn’t authenticate emails itself but instead recommends what should be done with emails once they’ve passed or failed DKIM or SPF authentication through the DMARC record that lists the DMARC policy. 

Since DMARC leverages DKIM and SPF technologies to carry out authentication processes, it is closely related to, but distinct from, both.
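
The following Python example is added here and is not part of the original guide: it shows how a receiving server could combine SPF and DKIM results, alignment with the “From” domain, and the published p= policy into one of the three outcomes listed under Types of DMARC. The function names, the example.com record and the domains are constructed, and alignment is strict (exact match) as a simplification; DMARC's default relaxed mode compares organizational domains, which needs a public suffix lookup left out here.

```python
# Added example: receiver-side DMARC decision from SPF/DKIM results and the
# published policy. Strict alignment only (assumption); data is constructed.
ACTIONS = {"none": "deliver", "quarantine": "spam-folder", "reject": "reject"}

def parse_dmarc(txt):
    """Parse the TXT record published at _dmarc.<domain> into a tag dict."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ACTIONS:
        raise ValueError("p= must be none, quarantine or reject")
    tags["p"] = policy
    return tags

def aligned(auth_domain, from_domain):
    """Strict alignment: the authenticated domain equals the From domain."""
    return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")

def evaluate(record_txt, from_domain, spf, dkim):
    """spf and dkim are (result, domain) pairs from the receiver's own checks.

    A message passes DMARC when at least one mechanism both passes and is
    aligned with the From header domain; otherwise the p= policy applies.
    """
    policy = parse_dmarc(record_txt)["p"]
    passed = any(result == "pass" and aligned(domain, from_domain)
                 for result, domain in (spf, dkim))
    return "deliver" if passed else ACTIONS[policy]

RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # SPF passes, but for a different envelope domain: not aligned.
    print(evaluate(RECORD, "example.com",
                   spf=("pass", "bulk-mailer.example.net"),
                   dkim=("fail", "example.com")))
    # DKIM passes with a signature from the From domain: aligned.
    print(evaluate(RECORD, "example.com",
                   spf=("pass", "bulk-mailer.example.net"),
                   dkim=("pass", "example.com")))
```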

Brandon Summers-Miller

Brandon is a Senior Research Analyst at G2 specializing in security and data privacy. Before joining G2, Brandon worked as a freelance journalist and copywriter focused on food and beverage, LGBTQIA+ culture, and the tech industry. As an analyst, Brandon is committed to helping buyers identify products that protect and secure their data in an increasingly complex digital world. When he isn’t researching, Brandon enjoys hiking, gardening, reading, and writing about food.