What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an initiative that is being developed and used by companies such as Google, Facebook, PayPal or Amazon. DMARC combines both SPF and DKIM, and offers additional features.

How does DMARC work?

In order to use DMARC, you first need to configure SPF and DKIM (SPF is automatically configured by EmailLabs, which also helps in implementing DKIM). Thus, if a message fails SPF and DKIM authentication, it will also fail DMARC authentication.


DMARC allows domains owners to publish rules that instruct e-mail service providers, who are a part of DMARC initiative, on how to deal with unauthenticated messages sent from their domains.

Domain owner can instruct a provider (e.g. Google Gmail) to:

  1. Block all unauthenticated messages sent from his domain and forward to him copies of such messages together with sender’s address.
  2. Allow delivery of such messages, but at the same time inform a domain owner about their content and address, from which they were sent.
  3. Allow delivery of such messages.

A user who is using DMARC does not have to carry out any additional actions, because DMARC tests are conducted by providers.

Proper DMARC configuration is the only uncrackable prevention from e-mail messages spoofing.

How to set up DMARC?

Read article here.