DMARC — Domain-based Message Authentication

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM to give domain owners control over what happens to unauthenticated email. This guide covers DMARC policy levels (none, quarantine, reject), SPF and DKIM identifier alignment, aggregate reporting via rua tags, forensic reporting via ruf tags, pct (percentage) for gradual rollout, subdomain policies, and how to safely progress from p=none to p=reject without disrupting legitimate mail flow.