Generate DMARC policies to control what happens when emails fail SPF/DKIM authentication. Prevent domain spoofing and receive reports.
| Type | Host/Name | Value |
|---|---|---|
| TXT | _dmarc.example.com | - |
DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on SPF and DKIM to give domain owners control over what happens when emails fail authentication. It's the third pillar of email authentication, completing the SPF → DKIM → DMARC trifecta.
| Phase | Policy | Action |
|---|---|---|
| 1. Monitor | p=none | Collect reports, no action on failures |
| 2. Quarantine | p=quarantine | Send failed emails to spam folder |
| 3. Reject | p=reject | Block all unauthorized emails |
No! Always start with p=none to monitor which services send email on your behalf. Review reports for 2-4 weeks, then gradually move to quarantine and finally reject once you're confident all legitimate senders are authorized.