Domain-based Message Authentication, Reporting and Conformance (DMARC) is a standard for determining the authenticity of the person or service sending email on behalf of a domain.
DMARC attempts to minimize email spoofing by building on top of existing authentication standards.
DMARC supplements DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF), neither of which provide complete spoofing prevention on their own. DKIM and SPF handle the domain-based message authentication portion of DMARC.
DKIM cryptographically signs messages. SPF defines the IP addresses approved to send email on a domain. For more about DKIM and SPF, see DKIM Records Explained and SPF Records Explained.
A DMARC record is implemented using a TXT DNS record. The tags in this TXT record tell receiving email servers how to handle email that fails either or both DKIM and SPF checks. The DMARC record also tells receiving servers where to send reports about the failures. The ability to provide receiving email servers with failure handling instructions and the opportunity to receive failure reports is incredibly valuable for domain owners. The information can be used to track down the people and services sending email on behalf of your domain, which is a first step in understanding your sender reputation. This feedback loop is unique to the reporting and conformance mechanisms of DMARC.
DMARC is a powerful tool for understanding your sender reputation. For more information about DMARC, see Everything about DMARC where we cover DMARC in detail.