InboxWarm.ai Logo
DEmail Deliverability Glossary

DMARC (Domain-based Message Authentication, Reporting and Conformance)

A policy protocol built on SPF and DKIM that tells receiving servers how to handle authentication failures and sends aggregate reports back to the domain owner.

DMARC is a policy and reporting protocol built on top of SPF and DKIM. It tells receiving servers what to do when an email fails authentication, and sends reports back to the domain owner about authentication activity.

DMARC policies:

  • p=none — Take no action; just send reports. Start here for new domains.
  • p=quarantine — Send failing emails to spam. Use after confirming SPF and DKIM are consistently passing.
  • p=reject — Completely block failing emails. Use when you're confident in your authentication setup.

DMARC alignment: DMARC requires the From domain to "align" with either the SPF authenticated domain (envelope from) or the DKIM signing domain. Misalignment causes DMARC failure even if SPF and DKIM pass individually.

DMARC reports:

  • Aggregate reports (rua): Daily XML reports summarizing authentication pass/fail rates by IP
  • Forensic reports (ruf): Individual failure samples (not all ISPs send these)

Recommended warm-up DMARC progression:

  1. Start with p=none; rua=mailto:dmarc@yourdomain.com — monitor for 2–4 weeks
  2. Review reports — confirm 100% of your legitimate mail passes SPF and DKIM alignment
  3. Move to p=quarantine; pct=25 — quarantine 25% of failing mail
  4. Gradually increase to p=reject over time

Frequently Asked Questions

What DMARC policy should I start with during warm-up?

Start with p=none and a reporting address: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. This policy collects aggregate reports without taking any enforcement action, letting you see exactly what's passing and failing without risking legitimate mail being quarantined. Monitor reports for 2–4 weeks to confirm 100% of your legitimate sending sources are passing SPF and DKIM alignment. Only move to p=quarantine after you're confident your authentication is complete and consistent.

How do I read DMARC aggregate reports?

DMARC aggregate reports are daily XML files sent to the address in your rua tag. They're hard to read raw — use a DMARC report parser like dmarcian, Postmark's DMARC Digests, or Google's free DMARC Report Analyzer. The key data points are: which IPs are sending mail claiming to be from your domain, what percentage of sends are passing SPF and DKIM alignment, and whether any unauthorized sources are sending from your domain. During warm-up, you want to see close to 100% alignment pass rates from your legitimate sending sources.

What is DMARC alignment and why does it fail?

DMARC alignment requires the domain in the From header to match either the SPF envelope sender domain or the DKIM signing domain. The most common alignment failures are: using an ESP that sets its own domain in the Return-Path (breaks SPF alignment), having DKIM signed with a different domain than your From address (breaks DKIM alignment), and sending from a subdomain when DMARC is set to 'strict' alignment mode on the root domain. In relaxed alignment mode (the default), subdomains match the organizational domain, which solves most subdomain issues.

Related Terms

S

SPF (Sender Policy Framework)

An authentication protocol that specifies which mail servers are authorized to send email for your domain. Published as a DNS TXT record checked on every inbound message.

D

DKIM (DomainKeys Identified Mail)

An authentication method that attaches a cryptographic signature to outgoing emails, proving the message was sent by an authorized server and not altered in transit.

A

Authentication (Email Authentication)

The set of technical protocols (SPF, DKIM, DMARC) that verify a sender's identity and prove an email genuinely originated from the claimed domain.

R

Return Path (Bounce Address / Envelope From)

The SMTP envelope address where delivery failure notifications are sent. SPF checks the Return-Path domain — mismatches cause DMARC alignment failures.

Back to Glossary
Get Started Today

Stop Guessing. Start Landing in the Inbox.

Improve your email deliverability with real engagement signals and full visibility into where your emails actually land.

Start Free TrialTalk to Sales

Free 10-day trial · No credit card · Cancel anytime