Question 1

What is DMARC?

Accepted Answer

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM. It tells receiving mail servers what to do when an email fails authentication checks, and provides reporting so you can monitor your domain's email security.

Question 2

What is the recommended DMARC rollout path?

Accepted Answer

Start with p=none to collect reports without affecting mail delivery. Analyze the reports to identify all legitimate sending sources. Then move to p=quarantine to send suspicious emails to spam. Finally, move to p=reject for full protection.

Question 3

What are DMARC aggregate reports (rua)?

Accepted Answer

Aggregate reports are XML files sent daily by mail receivers. They show which IPs are sending email using your domain, whether those emails pass or fail SPF/DKIM/DMARC, and how many messages were processed.

Question 4

What is DMARC alignment?

Accepted Answer

Alignment means the domain in the "From" header matches the domain that passed SPF or DKIM. "Relaxed" alignment allows subdomains (mail.example.com aligns with example.com). "Strict" alignment requires an exact domain match.

Question 5

What does the percentage (pct) tag do?

Accepted Answer

The pct tag specifies what percentage of failing messages the policy applies to. For example, pct=25 means only 25% of failing emails get quarantined or rejected. This allows gradual rollout from 25% to 100%.

DMARC Record Generator

Policy

Reporting

Advanced Settings

Your DMARC Record

Frequently Asked Questions

SPF Generator

MTA-STS Generator

BIMI Generator