RFC 7489 Informational

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

M. Kucherawy, E. Zwicky · 2015-03

Abstract

DMARC defines a scalable mechanism for email senders to express domain-level policies regarding message authentication, and for receivers to report back on the application of those policies. A DMARC policy is published as a DNS TXT record and specifies how to handle messages that fail SPF or DKIM alignment checks, with options to monitor, quarantine (send to spam), or reject failing messages.

Why This RFC Matters

DMARC closes a critical gap left by SPF and DKIM by linking their authentication results to the domain visible to users in the From header, and by giving domain owners control over what receivers should do with unauthenticated mail. Its aggregate and forensic reporting system gives organizations visibility into who is sending email on their behalf — legitimate or not. DMARC adoption has significantly reduced domain impersonation attacks against major brands and government domains. In 2024, Google and Yahoo announced DMARC compliance as a mandatory requirement for bulk email senders, accelerating industry-wide adoption. RFC 7489 is classified informational but functions as the de facto standard.
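The check described above, as an added example (not code from the RFC or its authors): it parses a published policy record and decides the outcome for a message from the receiver's SPF and DKIM results plus alignment with the From domain. It assumes the organizational domain is the last two labels, where real receivers use the Public Suffix List, and it ignores the `sp` and `pct` tags; the sample record and domains are constructed.

```python
# Added example: minimal DMARC record parsing and policy evaluation.
# Assumption: the organizational domain is approximated as the last two labels;
# real receivers use the Public Suffix List. The sp and pct tags are not handled.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not valid DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    # The version tag must come first, and a policy (p) must be present.
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    """Simplified organizational domain: the last two DNS labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(tags, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples from the receiver's checks.
    Returns 'pass', or the published policy when neither mechanism passes aligned."""
    spf_ok = spf[0] and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]

# Constructed sample record (example.com is a reserved documentation domain).
RECORD = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    policy = parse_dmarc(RECORD)
    # SPF passes, but for an unrelated domain, and the DKIM domain fails strict alignment.
    print(evaluate(policy, "example.com",
                   (True, "mailer.example.net"), (True, "mail.example.com")))
```

The second case in the block is the one SPF and DKIM alone would accept: both mechanisms pass, but neither authenticated domain aligns with the From domain, so the published policy applies.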
