73 Ocean Street, New South Wales 2000, SYDNEY

Contact Person: Callum S Ansell
P: (02) 8252 5319


22 Guild Street, NW8 2UP,

Contact Person: Matilda O Dunn
P: 070 8652 7276


Genslerstraße 9, Berlin Schöneberg 10829, BERLIN

Contact Person: Thorsten S Kohl
P: 030 62 91 92

What Does DMARC Add On Top Of Existing Email Authentication Standards Like SPF And DKIM?

  • Reporting: DMARC-participating receivers agree to provide email authentication reports to sending domains. This allows the owners of these sending domains to understand the current state of email authentication for their domain, see legitimate services that may not be properly authenticating, and identify sources of domain abuse.
  • Policy: With DMARC, sending domains can recommend how a receiver should treat an email that fails authentication, rather than leaving it to the discretion of the receiver. This allows sending domains to authenticate all sources of legitimate email over time, rather than requiring domain owners to fix all authentication issues immediately. A report-only policy of ‘p=none’ can be useful during this investigation phase, but domain owners should strive to reach an enforcement level of ‘p=quarantine’ or ‘p=reject’.
  • Identity Alignment: There are multiple sources of identity in an email message (including the From address, DKIM signature identity, and Return-Path address). DMARC prioritizes the human-readable From address as a source of identity, and only considers authentication results for identities that are aligned with this From address. SPF and DKIM use different sources of identity, and so the authentication they provide will only prevent fraud if their source of identity matches the human-readable From address in some way.