Why DMARC matters
DMARC is the standard that stops other people from sending email that looks like it came from your exact domain - the impersonation behind most phishing, invoice fraud, and brand abuse. Without it, anyone can put your domain in the From line and many inboxes will trust it.
How it works, in brief
- You publish one DMARC record in your domain's DNS.
- It builds on two checks you may already have - SPF (which servers are allowed to send for you) and DKIM (a signature proving a message was not altered) - and tells receiving mail servers what to do when a message claiming to be you fails both: monitor only (
p=none), send to spam (p=quarantine), or reject it (p=reject). - It also asks those servers to email you regular reports on everything sent as your domain. This tool collects those reports and turns them into a plain-English weekly summary - so you can see who is really sending as you before you tighten the policy.
You do not need a DMARC record before you start. The reporting address above is a ready-to-paste DMARC record - add it and you are monitoring in minutes.