The Power of DMARC: How It Can Keep Your Business Safe

Ensuring successful email delivery is critical for any email marketing campaign. However, many marketers may face challenges when comprehending the technical components of email deliverability. DMARC, which stands for "Domain-based Message Authentication, Reporting, and Conformance," is one aspect that marketers need to be familiar with. In this piece we delve into what it is, its significance and impact on email deliverability.

What is DMARC?

DMARC is an email authentication protocol used to prevent fraudulent emails from being delivered to the recipient's inbox. It builds upon SPF and DKIM, requiring that at least one of them is implemented as a prerequisite.

SPF allows email senders to specify which IP addresses are authorised to send emails on behalf of their domain.

DKIM is an additional email authentication method that uses digital signatures to authenticate emails. The signature lets the receiver know that a message was sent and authorised by the owner of a domain, offering yet another level of security.

If you need more information regarding how DKIM works, our article can help you get started.

DMARC is the next layer of protection, adding further parameters that ESPs can check in order to confirm that the email is authentic. For an email to be considered authentic, it requires that SPF alignment passes as a minimum, and it can be set up to check for DKIM alignment as well.

It should be pointed out that Google recently made changes to their requirements, choosing DKIM as a prerequisite after an issue arose with SPF, which we cover in our article under the risks of an incorrect setup.

For a full list of resources linked to the implementation of DMARC visit the official website.

Why does DMARC matter?

It is crucial in ensuring email deliverability and protecting your brand's reputation and it’s worth mentioning that German ESPs have recently placed greater importance on having it implemented.

First of all, it enables email service providers (ESPs) to determine which emails are legitimate and which are not. This allows ESPs to make better decisions about which emails to deliver to the inbox and which to send to the spam folder, and what emails to block and reject completely.

As a result, one of the primary benefits is its ability to prevent spoofing and phishing attacks, whereby hackers or cybercriminals send an email using your brand's domain in order to, essentially, trick people into handing over their money.

It goes without saying that this would be detrimental to your business’s reputation.

Also, as your customers’ personal information is protected against such attacks, it is important for compliance with regulations such as GDPR, which requires that you take steps to protect their data.

Note, however, that when operating in the EU, RUF reports are not GDPR compliant, as they can contain PII (Personally Identifiable Information).

To set it up for your domain, you must create a record in your DNS settings.

What does a DMARC record look like?

Like SPF, it requires a TXT record be added to a domain's DNS (Domain Name System) settings. It contains various tags that define the policy and reporting options for the domain. A typical record looks like this:

3600 IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"

Here's a breakdown of the components in the example DMARC record:

  1. This is the record's location in the DNS, which is created as a subdomain under the primary domain (in this case,
  2. 3600: This is the Time to Live (TTL) value in seconds, which determines how long the record should be cached by DNS resolvers.
  3. IN TXT: This indicates that the record is an Internet (IN) class TXT (text) record.
  4. "v=DMARC1;: The v tag specifies the version.
  5. p=none;: The p tag defines the policy for handling emails that fail DMARC checks. In this case, none means no specific action should be taken. Other options are quarantine (to mark the message as spam or suspicious) and reject (to reject the message entirely).
  6. rua=mailto:[email protected];: The rua tag specifies the email address to which aggregate reports (RUA reports) should be sent.
  7. ruf=mailto:[email protected];: The ruf tag specifies the email address to which forensic reports (RUF reports) should be sent.
  8. fo=1: The fo tag defines the conditions for generating forensic reports. In this case, 1 means to generate a report if either SPF or DKIM fails.

There are additional, optional tags that can be included in a record, such as adkim, aspf, pct, and sp, to further customise the policy and reporting options. The tags should be separated by semicolons and enclosed in the double quotes within the TXT record.
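A small linter for the tag list broken down above, as an added example that is not part of the original article: it parses a record value and flags tags that break the RFC 7489 tag rules, plus the p=none and ruf points the article raises. The function names and the dmarc@example.com address are constructed for illustration.

```python
# Added example (not from the article): parse and lint a DMARC TXT record value.
POLICIES = {"none", "quarantine", "reject"}
KNOWN = {"v", "p", "sp", "rua", "ruf", "fo", "adkim", "aspf", "pct", "rf", "ri"}

def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict, preserving tag order."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name or name in tags:
            raise ValueError(f"malformed or duplicate tag: {part.strip()!r}")
        tags[name] = value
    return tags

def lint_dmarc(txt):
    """Return a list of findings; an empty list means nothing was flagged."""
    tags = parse_dmarc(txt)
    if list(tags.items())[:1] != [("v", "DMARC1")]:
        return ["v=DMARC1 must be the first tag"]
    out = [f"unknown tag {t!r}" for t in tags if t not in KNOWN]
    for t in ("p", "sp"):
        if t in tags and tags[t] not in POLICIES:
            out.append(f"{t}: invalid policy {tags[t]!r}")
    if "p" not in tags:
        out.append("p: required policy tag is missing")
    elif tags["p"] == "none":
        out.append("p=none: monitoring only, failing mail is not acted on")
    for t in ("adkim", "aspf"):
        if tags.get(t, "r") not in ("r", "s"):
            out.append(f"{t}: must be r (relaxed) or s (strict)")
    pct = tags.get("pct", "100")
    if not (pct.isdigit() and int(pct) <= 100):
        out.append("pct: must be an integer from 0 to 100")
    if not set(tags.get("fo", "0").split(":")) <= {"0", "1", "d", "s"}:
        out.append("fo: options must be drawn from 0, 1, d, s")
    for t in ("rua", "ruf"):
        for uri in tags.get(t, "").split(","):
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                out.append(f"{t}: {uri.strip()!r} is not a mailto: URI")
    if "rua" not in tags:
        out.append("rua: no address for aggregate reports")
    if "ruf" in tags:
        out.append("ruf: forensic reports can contain PII")
    return out

# Constructed sample mirroring the article's record; the address is a placeholder.
SAMPLE = '"v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; fo=1"'
```

Calling `lint_dmarc(SAMPLE)` returns two findings, one for the monitoring-only policy and one for the forensic report address.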

Report Types

There are two types of reports, known as RUF (Report Using Forensic) and RUA (Report Using Aggregate). They contain data about email authentication results, including information about emails that failed SPF, DKIM, and DMARC checks. These reports help domain owners monitor their email traffic and detect potential issues or malicious activities.


DMARC is an essential aspect of email deliverability that helps to prevent spoofing and phishing attacks, improve email deliverability, and ensure compliance with regulations. It helps you protect your brand's reputation and improve the effectiveness of your email marketing campaigns.

We offer a full range of deliverability services, including DMARC monitoring packages to ensure that your domain is fully protected and optimised. Contact InboxWizards to discuss your requirements with an expert.