What is DMARC?
Domain-based Message Authentication, Reporting and Conformance (DMARC) tells receivers what to do when email fails SPF or DKIM alignment for your domain.
Why DMARC matters
DMARC gives domain owners a policy for unauthenticated mail and a reporting channel for seeing who is sending on behalf of the domain. It is published as a TXT record at _dmarc.yourdomain.
A DMARC record with p=none is useful for monitoring, but enforcement usually requires moving to p=quarantine or p=reject after legitimate senders are authenticated.
Key tags to understand
The p tag defines the domain policy. The rua tag requests aggregate reports. The pct tag controls the percentage of mail affected by the policy. The aspf and adkim tags control SPF and DKIM alignment strictness.
Subdomains can inherit the main policy or use sp for a separate subdomain policy.
How NerdTools helps
The DMARC checker looks up your _dmarc TXT record, parses tags, detects duplicate records, and flags monitoring-only policies or missing reporting addresses.
FAQ
Is p=none enough?
p=none is monitoring only. It does not ask receivers to quarantine or reject failing mail.
Do I need SPF and DKIM before DMARC?
Yes. DMARC depends on aligned SPF or DKIM authentication. Most domains should configure both.
What is a rua address?
rua is the mailbox or reporting endpoint that receives aggregate DMARC reports from participating receivers.