Definition

DMARC

Domain-based Message Authentication, Reporting and Conformance, a protocol that tells receiving mail servers what to do with emails that fail SPF or DKIM checks.

Why it matters in B2B outbound

DMARC is the enforcement layer on top of SPF and DKIM. While SPF and DKIM authenticate emails, DMARC tells receiving servers what action to take when authentication fails: do nothing (monitor), send to spam (quarantine), or reject the message outright (reject). Without DMARC, a failed authentication check may have no consequence, because the receiving server has no policy to follow.

Google and Yahoo made DMARC a requirement for bulk senders in 2024. Without at least a p=none DMARC policy, your sending domain is at increased risk of messages being filtered or blocked by major providers. For cold email senders, this is a non-negotiable baseline for deliverability.

DMARC also provides reporting. You can configure a receiving address for aggregate reports (rua) and forensic reports (ruf) that show you where your domain's email is being sent from, which messages are failing authentication, and which third-party senders are using your domain. This visibility is invaluable for diagnosing deliverability issues.


How it works

DMARC is configured by adding a TXT record to your DNS at _dmarc.yourdomain.com. A basic starting policy looks like: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. This policy monitors without taking action and sends aggregate reports to the address you specify. Once you've verified that all legitimate email sources pass SPF and DKIM, you can escalate to p=quarantine and eventually p=reject. The progression typically takes 30-60 days of monitoring. Most domain providers and email platforms (Google Workspace, Cloudflare) have documentation to walk you through the exact DNS record format.
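The monitoring step described above can be checked from the aggregate (rua) reports themselves. The following is an added example, not code from this page or from any mail provider: it parses the starting record and a constructed report in the RFC 7489 aggregate-report layout, then lists the sources that would be hit by p=quarantine or p=reject. The function names, sample IPs and report contents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout, trimmed to the
# fields used here. IPs are documentation ranges; the domain is a placeholder.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>14</count>
    <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.25</source_ip><count>9</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""


def parse_policy(txt):
    """Split a DMARC TXT value into a tag dict, e.g. {'v': 'DMARC1', 'p': 'none'}."""
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record: %r" % txt)
    return tags


def failing_sources(report_xml):
    """Return {source_ip: message_count} for rows where both DKIM and SPF failed."""
    failures = defaultdict(int)
    for row in ET.fromstring(report_xml).iter("row"):
        evaluated = row.find("policy_evaluated")
        # policy_evaluated holds the aligned results; DMARC passes if either one
        # passes, so only rows where both fail would be quarantined or rejected.
        if evaluated.findtext("dkim") != "pass" and evaluated.findtext("spf") != "pass":
            failures[row.findtext("source_ip")] += int(row.findtext("count"))
    return dict(failures)


def ready_to_escalate(txt, report_xml):
    """True when the record is still p=none and no source fails DMARC in the report."""
    return parse_policy(txt)["p"] == "none" and not failing_sources(report_xml)


if __name__ == "__main__":
    record = "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
    print(parse_policy(record))
    print(failing_sources(SAMPLE_REPORT))
    print(ready_to_escalate(record, SAMPLE_REPORT))
```

Aggregate reports arrive from third parties, so production code should parse them with a hardened XML parser such as defusedxml and decide per source whether a failure is a misconfigured legitimate sender or unauthorized use of the domain.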
