DMARC email authentication

Article author
Kelly Sutter
  • Updated

DMARC (Domain Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to detect and prevent email spoofing. For organizations, publishing a DMARC record helps them see if anyone is trying to spoof their domain. For ISPs, DMARC policies tell them how to handle the incoming mail when the email appears to be spoofed.

It is important to publish a custom DKIM key for your domain before you publish your DMARC or else your email may not get delivered to the inbox.


Before you publish your DMARC record

  1. Email us to get set up with a custom DKIM key for your domain
  2. Publish a DMARC with a policy of `none` to evaluate deliverability and authentication
  3. Update DMARC with a policy of `quarantine` once everything looks good

If specifying `aspf` in your record, it must be set to `r` (relaxed), the default value. You CANNOT have aspf set to `s` (strict).



Resources for more information