DMARC - "Domain-based Message Authentication, Reporting & Conformance"

What is DMARC, and how does it combat phishing?

  • DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn't. This makes it easier to identify spam and phishing messages, and keep them out of peoples' inboxes.
  • DMARC is a proposed standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure so that all their mail can be authenticated. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages - spoofed spam, phishing - be put directly in the spam folder or rejected outright. [1]


It is generally recommended that all email senders, regardless of campaign volume, should set up DMARC to help secure their domain from phishing.  This can help a sender's domain reputation because it can help identify and, eventually, prevent potential domain spoofing.  If complaints are being generated by a spoof it can impact the domain reputation of the spoofed domain.  But, it is important to note, DMARC is primarily a security feature not a deliverability enhancement.


DMARC is not managed or hosted by Marketo.  DMARC records are set up in a Marketo customer's DNS records which are under control of the customer.  The Marketo customer would need to set up and manage all DMARC related DNS settings and feedback.


It is recommended that the customer get DMARC implemented in it's simplest form, the test and report form, and monitor traffic.  Customers with popular brands may very likely see phishing traffic that but there are also mail streams that are legitimate that could be impacted from implementing DMARC too strictly in the beginning.

How Does DMARC Work?


In order for DMARC to validate, DKIM and/or SPF must pass.  If neither passes, then the action requested (none, quarantine or reject) domain policies (d= and/or sd=) in the DMARC DNS text entry will be followed.  Once either DKIM and/or SPF have passed, DMARC will then take action based on the specified parameters.





For more information please refer to the DMARC site -


1 < >