DMARC is short for Domain-based Message Authentication, Reporting, and Conformance . It is a protocol used along with SPF and DKIM, that ensures proper authentication of emails. It protects your sender domains from spoofing and gives you ability to monitor and control usage of your sender domain.
DMARC checks SPF and DKIM of incoming email - if mail is properly authenticated it goes through. If there is an error - received mail is not authenticated - recipient server executes policy from DMARC record. Later on recipient server can send report to domain owner about such incidents.
You can implement DMARC in many ways and our Wizard will help you create and customize DMARC policy suited for your needs.
We are sorry, the PostBoxServices.com Generator is not optimized for smartphones and tablets yet.
Please, use a desktop browser
Emails will be placed in spam/junk folder.
Emails will not be delivered to recipient inbox at all. This is most strict setting, but it will protect your domain from spoofing.
[email protected] sends email to your mailbox. Your recipient server checks SPF & DKIM of incoming email - they are both correct so mail goes through.
[email protected] sends email to your mailbox. Recipient server checks SPF & DKIM , but finds out that mail is not properly authenticated with it. It checks DMARC policy of johndoe.com . Johndoe.com owner set up policy to p=reject - that means non authenticated mail will be rejected.
Email will be delivered to mailbox normally, however recipient server will still record this behavior and include it in reports. "None" is used when you want to analyze your mail authentication and to check if somebody is not spoofing your address.
Policy determines what recipient server must do when incoming mail will fail SPF and DKIM authentication. Policy is most important aspect of DMARC entry. Current protocol allows for three outcomes : none, quranatine and reject. Each policy has its own merits.
Keep in mind that errors in mail authentication may be caused by several factor : your SPF or DKIM entry may be misconfigured, your domain entries may be not visible for servers, somebody is trying to spoof your address.
On default subdomains inherit policy settings from parent domain. You can change this setting if you wish.