DMARC

A policy protocol instructing servers how to handle emails that fail SPF or DKIM checks.

Last updated Apr 2026

Why It Matters

DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails (nothing, quarantine, or reject). It also enables reporting so you can see who's sending email as your domain—legitimate or fraudulent. Gmail and Yahoo require DMARC for bulk senders.

Practical Example

Scenario

A skincare brand discovers through DMARC reports that their domain is being spoofed in phishing attempts targeting their customers.

Calculation

DMARC aggregate reports show 500 emails/day failing authentication from unknown IPs.

Result

They move from p=none (monitoring) to p=quarantine, then p=reject. Spoofed emails now go to spam or are rejected entirely, protecting customers and brand reputation.

Pro Tips

  • Start with p=none to monitor without affecting delivery, then gradually increase enforcement.
  • Set up DMARC reporting (rua= tag) to receive aggregate reports about authentication results.
  • Ensure all legitimate sending sources pass SPF or DKIM before enforcing p=reject.
  • Use DMARC reporting services (Valimail, Dmarcian) to interpret reports easily.
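
An added example, not from the original page: the aggregate reports delivered to the rua= address are XML, and this Python tallies one by source IP so that legitimate senders still failing DMARC can be fixed before moving past p=none. The report content, the IP addresses, and the known_senders set are constructed for illustration; the element names follow the RFC 7489 aggregate report schema.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report schema (documentation IP ranges).
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>brand.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>1200</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>300</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.9</source_ip><count>40</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.45</source_ip><count>500</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(report_xml):
    """Tally message counts per source IP by DMARC outcome."""
    # Reports arrive from third parties: treat them as untrusted input
    # (in production, parse with a hardened parser such as defusedxml).
    root = ET.fromstring(report_xml)
    out = {"domain": root.findtext("policy_published/domain"),
           "policy": root.findtext("policy_published/p"),
           "pass": Counter(), "fail": Counter()}
    for row in root.iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        # policy_evaluated holds the aligned results; DMARC passes if either one passes.
        results = (row.findtext("policy_evaluated/dkim"), row.findtext("policy_evaluated/spf"))
        out["pass" if "pass" in results else "fail"][ip] += count
    return out

def triage(summary, known_senders):
    """Split failing sources into own senders to fix and unknown sources."""
    fix_first = {ip: n for ip, n in summary["fail"].items() if ip in known_senders}
    unknown = {ip: n for ip, n in summary["fail"].items() if ip not in known_senders}
    return fix_first, unknown

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    # known_senders is a hypothetical inventory of the domain's own mail sources.
    fix_first, unknown = triage(s, known_senders={"192.0.2.10", "198.51.100.7", "198.51.100.9"})
    print(f"{s['domain']} p={s['policy']}")
    print("fix before enforcing:", fix_first)
    print("unknown failing sources:", unknown)
```

Any address in the first bucket is a legitimate sender that p=quarantine or p=reject would start blocking; the second bucket is the traffic enforcement is meant to stop.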

Common Mistakes to Avoid

  • Jumping straight to p=reject before validating all legitimate sending sources
  • Setting up DMARC without SPF and DKIM in place first
  • Ignoring DMARC reports that reveal spoofing or misconfigured senders
