What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Overview of DMARC

An overview of how DMARC works is available on this page.

Status of DMARC

The IETF RFC Editor published RFC 7489, “Domain-based Message Authentication, Reporting, and Conformance (DMARC)” on the Independent Submission stream on March 18th, 2015. RFC 7489, which can be found here, is in the process of being adopted as the official input to the IETF DMARC Working Group.

Why is DMARC Important?

A brief answer to this question is available here.

How Does DMARC Work?

A brief, non-technical answer to this question is available here. A more detailed explanation is available on this page.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.