What is DMARC?
DMARC stands for Domain-based Message Authentication. It’s an email authentication standard that sits above SPF and DKIM in the email authentication hierarchy. For DMARC to pass when an email is received by a mail server, either SPF or DKIM authentication must be aligned with the same domain as the one that the email is ‘From:’.
What does DMARC do?
DMARC is an anti-phishing standard, in that it’s intended to determine whether an email’s sender is actually who they claim to be. By checking that either SPF or DKIM are aligned with the same domain as an email’s ‘From:’ address, the DMARC record also confirms that the sender owns the domain that it’s sending from (as it’s able to manage and update its DNS records). The setting of a DMARC policy (either ‘none’, ‘quarantine’, or ‘reject’) can also be determined by the domain owner to indicate what mailbox providers should do if an email from their domain fails for DMARC.
For more on DMARC policies and the various additional tags that can be added to a DMARC record (allowing the operator to tailor a record to their domain’s specific needs), Google has a very good guide here.
How is DMARC implemented?
DMARC accounts for all of the emails that are sent from a domain, not just those emails that are sent from a particular application or mail server. What this means is, while your DMARC record may pass for emails that are sent from Engaging Networks, it may not pass for other emails that you’re sending from other applications.
While our Domain Authentication tool can check that SPF and DKIM are set-up to send from our servers, it’s impossible for us to check whether a domain is set-up to pass DMARC from both our own application as well as any other application a domain owner is using for email. For this reason, unfortunately we do not have a facility to authenticate your DMARC record for you or provide any reporting to that effect.