What is DMARC?
DMARC is an abbreviation of Domain-based Message Authentication Reporting and Conformance, and it is a mechanism for secure email exchange that uses both SPF and DKIM. Having set up DMARC properly for your domain will reduce email phishing (thanks to the reporting of SPF) and spoofing (thanks to the encryption of DKIM). You will have a lot higher email sent success rate, and fewer emails of yours will end up in the spam folder.
Using DMARC will allow you to add an extra level of security on top of the SPF and DKIM.
You can set it up stronger, and even if SPF and DKIM pass, the DMARC still fails because of criteria.
You can make it lighter and limit the use to only SPF or only DKIM.
Why use it?
- To send emails uninterrupted. The emails will be encrypted, and the receiver will be able to unlock them with the public key. The presence of DMARC will indicate that the domain could be trusted.
- To stop others from using your domain name for phishing attacks. DMARC has the power to tell to the receiving servers – the domain is related to those particular servers. Anything different should be discarded immediately. It can work with allowing only good emails or stopping all bad emails, or both.
How to create a DNS DMARC record?