DMARC

What is DMARC?

Domain-based Message Authentication, Reporting & Conformance

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a policy published as a DNS TXT record at `_dmarc.your-domain.com`. It tells receiving mail servers what to do when a message claiming to be from your domain fails authentication, that is, when neither SPF nor DKIM passes for a domain that aligns with the `From` address. The policy options are `none` (monitor only), `quarantine` (send to spam), and `reject` (bounce).

In more detail

DMARC works with SPF and DKIM: SPF says which IPs can send as your domain, DKIM cryptographically signs outgoing messages, and DMARC says what receivers should do when those checks fail. Without DMARC, receivers can still deliver spoofed email; DMARC is what tells them to reject.

Start with `p=none` and watch DMARC reports to see which services are sending email on your behalf. Once you have all legitimate senders authenticated, upgrade to `p=quarantine` and eventually `p=reject`.

Baseline DMARC record
`v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100`

Why this matters

Why builders care

As of 2024, Gmail and Yahoo require DMARC for bulk senders. Without it, your transactional emails (password resets, notifications) can land in spam. It also stops attackers from phishing your users while impersonating your domain.

FAQ

Frequently asked questions

What if I do not send email from my domain?
Publish a DMARC record of `v=DMARC1; p=reject` and an SPF record of `v=spf1 -all`. This tells receivers to reject any email claiming to be from your domain.
