DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication, policy and reporting protocol that helps detect and prevent email spoofing. Spoofing is when the From: address of an email is forged so that the message appears to come from your domain when it is actually spam. Spoofed email can damage the reputation of your domain and affect legitimate email sent by your users.

DMARC helps prevent spoofing by giving email senders and receivers a way to verify email. Receivers can supply senders with information about how their mail authenticated, while senders can tell receivers what to do when they receive a message that does not authenticate.

DMARC builds on the widely used SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols to verify emails are authentic. A message that does not pass SPF or DKIM checks triggers the DMARC policy. See DMARC Policies.



If DMARC is enabled in SpamTitan, the behavior of SPF can change. If you have SPF Reject enabled, mail that fails SPF will still be rejected during the initial SMTP handshake, but only if the sending domain does not have a DMARC record.

If the sending domain does have a DMARC record, the message body is accepted and the policy defined in the DMARC record is applied. A DMARC policy can specify ‘none’, ‘quarantine’, or ‘reject’; see DMARC Policies below.

It is good practice to set up your DMARC record with a policy of ‘none’ initially to monitor where mail is being sent from. When you are confident that your SPF record is correct, then change the policy to ‘quarantine’ or ‘reject’.
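
The interaction between SPF Reject and DMARC described above can be modelled as a small decision function. This is an added example, not SpamTitan code: `parse_dmarc`, `disposition`, the result strings and the sample records are hypothetical, the SPF and DKIM inputs are assumed to be already-evaluated, aligned results, and the rule that an aligned DKIM pass satisfies DMARC is taken from RFC 7489.

```python
# Added example: a model of the documented behaviour, not SpamTitan's implementation.
from typing import Optional

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt: Optional[str]) -> Optional[dict]:
    """Parse the TXT record found at _dmarc.<domain>; None if absent or unusable."""
    if not txt:
        return None
    # RFC 7489: the v=DMARC1 tag must come first (this also filters SPF records).
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return None  # simplification: treated here as "no DMARC record"
    tags["p"] = policy
    return tags


def disposition(spf_pass: bool, dkim_pass: bool, dmarc_txt: Optional[str],
                spf_reject: bool = True, dmarc_enabled: bool = True) -> str:
    """Return the action for one message (the pct= tag is ignored in this model)."""
    record = parse_dmarc(dmarc_txt) if dmarc_enabled else None
    if record is None:
        # No DMARC record: SPF Reject behaves as it did before DMARC was enabled.
        if not spf_pass and spf_reject:
            return "reject at SMTP handshake"
        return "no DMARC action"
    # A DMARC record exists: the body is accepted so DKIM can be checked too.
    if spf_pass or dkim_pass:
        return "no DMARC action"  # DMARC passes when either check passes
    # Both checks failed: apply the sender's published policy.
    return {"none": "no DMARC action",  # monitor only
            "quarantine": "quarantine",
            "reject": "reject"}[record["p"]]


if __name__ == "__main__":
    # Constructed sample records for a sender rolling out DMARC in stages.
    for rec in (None, "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
                "v=DMARC1; p=quarantine", "v=DMARC1; p=reject"):
        print(repr(rec), "->", disposition(False, False, rec))
```

The second branch shows why an SPF failure is no longer rejected outright once the sender publishes DMARC: a DKIM signature can only be verified after the body has been received.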