What is a DMARC record?

DMARC Stands for Domain-Based Message Authentication, Reporting, and Conformance.

The number of domains implementing DKIM and SPF records is really low. As a result, the onus of classifying an email as spam or blocking it is still left on mailbox providers.

DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages and keep them out of peoples’ inboxes.

A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes the guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

Now that you are familiar with various aspects of email authentication, you should ensure that whatever ESP you are using provides you appropriate DKIM, SPF records, and TLS support for better email deliverability.


Email runs over the top of a protocol called SMTP ( Simple Mail Transfer Protocol ) which is unencrypted by its very nature.

The email message may go over multiple SMTP relay servers between the original server and actual recipient of the email. Now if your email message is unencrypted then a malicious server can read its contents which should have been private.

TLS or transport level security provides a mechanism to encrypt email messages which prevent the content being read from entities other than the intended recipients.

Gmail implements TLS for email delivery and it is only some time before it becomes mandatory across various mailbox providers.