When an email is sent or received, there is no clear indication of whether it is authentic or whether it was sent from a validated sender address or domain. One way to improve email security is the DMARC standard.

DMARC allows senders to instruct email providers on how to handle unauthenticated mail via a DMARC policy, removing any guesswork on how they should handle messages that fail DMARC authentication. DMARC protects email from spoofing, phishing and spamming.

DMARC builds on the commonly deployed Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols. A DMARC policy allows a sender domain to specify whether its email uses SPF and/or DKIM. The policy can ask receivers to send email to a spam folder or reject it if the authentication methods fail. If an email recipient gets an email that fails these authentications, they also have an option to report it back to the sending domain.

DMARC Record

DMARC policies are published in the DNS as a text (TXT) record and announce what an email receiver should do with non-aligned mail it receives. For example,

"v=DMARC1;p=reject;pct=100;rua=mailto:[reporting address]"

In this example, the sender requests that the receiver reject all non-aligned messages and send a report about the rejections to a specified address.
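To check what a published record actually asks receivers to do, the added example below (not part of the original page) parses the tag=value syntax of a DMARC TXT record and flags settings that weaken enforcement. It goes beyond the single record shown above by also handling the `none` and `quarantine` policy values; the `reports@example.com` address and the function names are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record string into policy, pct and rua."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    # The version tag must come first and is case-sensitive.
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    # Choice made for this example: a missing or unknown p is an error.
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or unknown policy: {policy!r}")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return {"policy": policy, "pct": pct, "rua": rua}

def audit(record):
    """Return findings for settings that leave spoofed mail deliverable."""
    findings = []
    if record["policy"] == "none":
        findings.append("p=none: failing mail is only monitored, not blocked")
    if record["pct"] < 100:
        findings.append(f"pct={record['pct']}: policy applies to part of failing mail")
    if not record["rua"]:
        findings.append("no rua: the domain receives no aggregate reports")
    return findings

# Constructed sample record; the reporting address is a placeholder.
SAMPLE = '"v=DMARC1;p=reject;pct=100;rua=mailto:reports@example.com"'

if __name__ == "__main__":
    rec = parse_dmarc(SAMPLE)
    print(rec, audit(rec) or "no findings")
```
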