What is a DMARC policy?

Use Sendmarc’s DMARC policy management feature to simplify the creation and monitoring of your business’s Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy. Strengthen email security and improve deliverability – without complex technical hurdles.

 

Get started today to:

  • Monitor and analyze email traffic
  • Enforce protection against domain spoofing
  • Optimize authentication for better deliverability

Secure your emails and build trust with Sendmarc’s expert solutions.

Why a DMARC policy matters for email security

A DMARC policy is a set of rules that domain owners publish in the DNS. These rules instruct receiving email servers on how to handle messages that fail authentication checks. DMARC helps prevent domain spoofing, phishing, and other email-based threats by specifying whether to deliver, quarantine, or reject unauthenticated messages.

 

Organizations globally rely on DMARC to:

  • Improve email deliverability
  • Protect their domain reputation
  • Prevent impersonation and phishing attacks

Without DMARC, cybercriminals can impersonate your domain to send fraudulent messages – putting your company, partners, and customers at risk.

Implementing DMARC:

  • Protects your domain from unauthorized use
  • Helps prevent phishing and spoofing attacks
  • Improves the delivery of legitimate emails
  • Provides reports to monitor email traffic and detect abuse

By enforcing DMARC, domain owners gain control over how unauthenticated emails are handled, reducing risk and strengthening their email security posture.

Understanding DMARC policy options

DMARC policies are set using the p tag in the DMARC record. There are three policy options:
Policy Effect on failing emails
none Delivers all emails, including unauthenticated ones; generates reports for analysis
quarantine Moves failing emails to recipients’ Spam or Junk folders
reject Rejects emails that fail DMARC checks completely
Starting with p=none allows businesses to monitor their email environments and identify legitimate sources without affecting delivery. Gradually progressing to quarantine and eventually reject reduces the risk of blocking valid messages while strengthening security.

How a DMARC policy works with email headers

DMARC works by validating the ‘From’ header in an email against two email authentication standards:

For a message to pass DMARC, either SPF or DKIM must pass authentication. If both protocols fail, the policy instructs the receiving server on how to handle the message.

DMARC header validation summary:

  • Check the SPF and DKIM authentication results
  • Apply the domain owner’s policy (none, quarantine, or reject)
  • Send reports to the domain owner for analysis

Simplify DMARC adoption today with Sendmarc

How to set up a DMARC policy

To publish a policy:

  1. Create a DMARC record as a TXT entry in your domain’s DNS
  2. Define your policy using the p tag (none, quarantine, or reject)
  3. Add email addresses for reports using the rua (aggregate) and ruf (forensic) tags
  4. Publish the DMARC record

Example DNS record:

HostTypeValue
_dmarc.yourdomain.comTXTv=DMARC1; p=reject; rua=mailto:[email protected]; fo=1;

Use DMARC validation tools to confirm that the record is correctly published.

How to change a policy

To strengthen enforcement over time:

  • Update the p tag from none to quarantine and eventually reject
  • Use the pct tag to gradually apply the policy to a percentage of emails
  • Monitor reports to ensure legitimate emails aren’t being affected

How to check a policy

  • Use a DMARC record checker
  • Review aggregate and forensic reports sent to the specified email addresses
  • Confirm that the DNS TXT record includes the correct policy and reporting settings
  • Ensure SPF and DKIM are properly configured

Sign up for Sendmarc’s email security solutions to access expert guidance and automated tools for DMARC setup, monitoring, and optimization.

Or book a demo today to secure your organization’s email environment.

DMARC policy FAQs

What is a DMARC policy?

A DMARC policy is a set of rules published in the DNS that instructs email receivers on how to handle messages that fail authentication checks. DMARC helps prevent domain spoofing, phishing, and other forms of email fraud.

To enable a DMARC policy, publish a DMARC TXT record in your domain’s DNS. The record must include the p tag with a policy of none, quarantine, or reject.
To change a DMARC policy, update the p tag in the existing DMARC TXT record to a new policy value (none, quarantine, or reject). Use the pct tag to gradually apply enforcement to a percentage of emails before full implementation.

To check a DMARC policy, use online DMARC record checker tools. Also, review aggregate and forensic reports sent to your company’s specified email addresses to ensure its policy is working as intended.