DMARC Settings in Email

What is DMARC-

DMARC is a DNS TXT record that assists receiving-mail-systems in deciding how to handle emails from your domain that don't pass SPF or DKIM validation.




How SPF and DKIM work together with DMARC


Gmail and Yahoo will require DMARC mandatorily starting from February 2024

Starting from February 2024, Gmail and Yahoo are requiring DMARC for bulk email senders who send over 5,000 emails per day. 

Verify now to prevent email failure.






A published DMARC record basically serves two purposes:


  • Tells the recipient server to either: Quarantine the message, Reject the message, or Allow the message to continue delivery.

  • Sends reports to an email address or addresses with data about all the messages seen from the domain.


If the domain has not published a DMARC record, the recipient server makes its own determination if the message should be delivered. Thus, DMARC helps easily identify threat senders, and prevent domain phishing, malware threats and a variety of security concerns by blocking fraudsters.


Suggestions to use DMARC effectively -


  1. Analyse DMARC reports to identify passing, failing or unidentified sources.

  2. Make sure all your known email sources are passing DKIM and SPF and are compliant with DMARC.

  3. After monitoring for a few days, start to Quarantine those email sources that are not DMARC compliant.

  4. If you are able to cover all known sources, the next step is to gradually quarantine (p=quarantine) a portion of traffic (pct=10) and increase it over time. The quarantine will place non-compliant emails in spam/junk folders. Once comfortable, you can pull the trigger on the reject policy (p=reject). This will tell ISPs to discard the non-compliant emails completely, essentially stopping fraud on your domain as long as you control the approved sources.

  5. End goal: set a reject policy to reject any email that is non-compliant with DMARC.


MSG91 DMARC Reports


  • Explore the Dashboard to know the DMARC policy distribution for the senders and the verification status of the registered domains.

  • Identify your top senders, their geological distribution and goto the Geological Reports section for a detailed analysis

  • Check your senders' DMARC Compliance and goto the Compliance Reports section for a detailed analysis

  • Identify the top DMARC reporters.