Learn · email signature glossary

DMARC

TL;DR

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a DNS-published policy that tells receiving servers how to handle mail that fails SPF or DKIM alignment, and where to send reports about it.

DMARC is an email authentication policy published as a DNS TXT record at _dmarc.yourdomain.com. It builds on SPF and DKIM by adding two things they lack: a policy and feedback. The policy (p=none, p=quarantine, or p=reject) tells receiving servers what to do with messages that fail authentication and do not align with the visible From address. The reporting part (the rua tag) tells receivers where to send aggregate reports, so you can see who is sending mail as your domain, legitimate or not.

Re: In practice

Why it matters

DMARC is what actually stops someone from putting your domain in the From line of a phishing email. SPF and DKIM alone verify technical details most recipients never see; DMARC ties those checks to the From address people actually read, and instructs receivers to junk or reject forgeries. It also affects whether your own mail gets delivered: Google and Yahoo now require a DMARC record from bulk senders, and domains without one are treated with more suspicion generally. The standard rollout is to start at p=none to collect reports, fix any legitimate senders that fail (marketing platforms, CRMs, helpdesk tools), then move to quarantine and finally reject. A signature only builds trust if the message carrying it demonstrably came from you.

Ready to create your email signature?

Free generator, no account required. Works in Gmail, Outlook, and Apple Mail.

Try Free Generator