Email Security

DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication policy that builds on SPF and DKIM to tell receiving mail servers what to do with emails that fail authentication checks. A DMARC policy can instruct servers to quarantine or reject suspicious emails, protecting your domain from being used in phishing and spoofing attacks. DMARC also provides aggregate reports so domain owners can see who is sending email on their behalf. It is required for Google and Yahoo deliverability and many compliance frameworks.
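The checks described above can be run against the TXT records a domain publishes at _dmarc.<domain>. The following is an added example, not code from the original page: it parses a record using the RFC 7489 tag syntax and flags a missing record, a non-enforcing policy, and absent aggregate reporting. It goes slightly beyond the text by also checking the p=none and pct tags defined in RFC 7489; the function names and the example.com sample records are constructed for illustration.

```python
"""Audit DMARC TXT records (RFC 7489 tag syntax). Sample records are constructed."""

def parse_dmarc(txt):
    """Return the tag/value dict for one TXT string, or None if it is not DMARC."""
    # RFC 7489: the v tag must come first and its value must be exactly "DMARC1".
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return a list of findings for the TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return ["missing: no DMARC record published"]
    if len(records) > 1:
        # Receivers stop policy discovery when more than one record is present.
        return ["invalid: multiple DMARC records, no policy is applied"]
    rec, findings = records[0], []
    policy = rec.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("invalid: p tag missing or unrecognised")
    elif policy == "none":
        findings.append("weak: p=none requests no action on failing mail")
    pct = rec.get("pct", "100")
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        findings.append(f"weak: pct={pct} applies the policy to only part of failing mail")
    if "rua" not in rec:
        findings.append("visibility: no rua tag, so no aggregate reports are sent")
    return findings

# Constructed TXT answers for the hypothetical domain example.com.
SAMPLES = {
    "enforcing": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "monitor-only": ["v=DMARC1; p=none"],
    "partial": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"],
    "spf-only": ["v=spf1 -all"],
}

if __name__ == "__main__":
    for name, txt in SAMPLES.items():
        print(name, audit_dmarc(txt) or ["ok"])
```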

Why it matters for your website

  • Prevents your domain from being used in phishing and spoofing attacks
  • Required for email deliverability to Gmail, Yahoo, and major providers
  • Missing records are flagged as high-severity findings in security audits
