Why DMARC Matters in 2026
DMARC (Domain-based Message Authentication, Reporting & Conformance) is the policy layer that tells receiving servers what to do when an email fails SPF or DKIM checks. Without DMARC, anyone can send emails pretending to be from your domain — a technique used in phishing and business email compromise attacks.
Since 2024, both Gmail and Yahoo require DMARC for bulk senders. In 2026, it's effectively mandatory for any domain that sends email.
DMARC Record Format
A DMARC record is a TXT record at _dmarc.yourdomain.com:
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; pct=100; adkim=s; aspf=s
Policy Options (p=)
p=none— Monitor only. No action on failed emails, but you receive reports.p=quarantine— Failed emails go to spam/quarantine.p=reject— Failed emails are rejected entirely.
Recommended: Start with p=none, analyze reports for 2-4 weeks, then move to p=quarantine, and finally p=reject.
Setting Up DMARC — Step by Step
Step 1: Ensure SPF and DKIM Are Working
DMARC requires at least one of SPF or DKIM to pass. Use our free checker to verify both are configured correctly before enabling DMARC.
Step 2: Create the DNS Record
Add a TXT record at _dmarc.yourdomain.com:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Step 3: Monitor Reports
The rua tag specifies where aggregate reports should be sent. You'll receive XML reports showing which emails pass/fail authentication. Services like DMARC analyzer can parse these for you.
Step 4: Tighten the Policy
Once you confirm all legitimate mail passes authentication:
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; pct=100
Free DMARC Checker
Check your DMARC record instantly with our free mailcheck tool. We also check SPF, DKIM, MX records, MTA-STS, and BIMI in one scan.
See how top domains score: disroot.org (100/100) · rabobank.nl (99/100) · microsoft.com (96/100)