DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on top of SPF and DKIM to provide domain owners with greater control over how their domain is used in email messages.
DMARC enables domain owners to specify policies for how their domain’s email should be handled if it fails SPF and/or DKIM checks. For example, a domain owner can specify that any email that fails both SPF and DKIM should be rejected outright, or that it should be marked as spam and sent to the recipient’s spam folder.
In addition to specifying policies for handling failed email, DMARC also provides domain owners with visibility into how their domain is being used in email messages. DMARC generates reports that show which email servers are sending email on behalf of the domain, and whether those servers are passing SPF and DKIM checks.
By implementing DMARC, domain owners can improve email security, reduce the risk of email fraud and phishing, and improve email deliverability by ensuring that their legitimate email messages are not marked as spam or rejected by recipient email servers. DMARC is widely used by email providers, including Gmail, Yahoo, and Microsoft, to help protect their users from email fraud and phishing attacks.