DMARC: Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing.
" DMARC, (Domain-based Message Authentication Reporting, & Conformance) an open source standard, uses a concept called alignment to tie the result of two other open source standards, SPF (a published list of servers that are authorized to send email on behalf of a domain) and DKIM (a tamper-evident domain seal associated with a piece of email), to the content of an email. If not already deployed, putting a DMARC record into place for your domain will give you feedback that will allow you to troubleshoot your SPF and DKIM configurations if needed. "
A basic DMARC record look like?
v=DMARC1; p=quarantine; rua=mailto:postmaster@website.com
An explanation of the above record:
v=DMARC1-> Must be in all caps, and it's not optionalp=quarantine-> If a check fails, then an email will be sent to the spam folder (DMARC Policy)rua=mailto:postmaster@website.com-> Aggregate reports will be sent to this email address
Refer to the DMARC resources here and here for additional information on DMARC tags. Review the following resource about DMARC Alignment .
Let's use the Domain Health Checker from dmarcian.com and check the DMARC status of microsoft.com.
And the results are...
Microsoft passed all checks. We can drill down into DMARC, SPF, or DKIM to get more details.
DMARC:
In the details above, we can see that all emails that fail the DMARC check will be rejected.