Growth Marketing Glossary

DMARC

DMARCnoun

The rulebook that turns two checks into a real defence against from-address spoofing.

DMARC — the policy layerSPF + DKIMalignment + policyenforce
Schematic — DMARC aligning SPF and DKIM
Builds on
SPF and DKIM
Protects
the visible from domain
Policies
none, quarantine, reject
Adds
aggregate reporting

Forms & parts of speech

DMARC · noun
A policy aligning SPF and DKIM with the from domain.
"We moved DMARC from p=none to p=reject once reports looked clean."

What DMARC adds

SPF and DKIM each validate part of an email, but neither directly protects the from address a reader actually sees. DMARC closes that gap by requiring SPF or DKIM to align with the visible from domain.

It also tells receiving servers what to do when mail fails: do nothing (p=none), send it to spam (quarantine), or block it outright (reject). And it returns aggregate reports so senders can see who is sending as their domain.

How senders roll it out

Deployment is staged. You start at p=none to monitor, read the aggregate reports to confirm all legitimate mail authenticates, then tighten to quarantine and finally reject once you are confident nothing real will be blocked.

Skipping straight to reject risks blocking your own forgotten sending services. Google and Yahoo's 2024 rules require bulk senders to publish a DMARC policy, making this stack non-optional for anyone sending volume.

Worked example. Suppose a company publishes DMARC at p=none and the aggregate reports reveal an unknown server blasting invoices as its domain — a spoofing campaign it could not see before.

After confirming every legitimate service passes SPF or DKIM with alignment, the company moves the policy to quarantine and then reject. Now mailbox providers drop the spoofed invoices automatically, and the brand's from address is genuinely protected rather than merely monitored.
Failure modes to watch. Publishing p=reject before confirming all legitimate mail aligns, which blocks your own messages; setting p=none and never tightening it, so DMARC only watches and never defends; and ignoring the aggregate reports that reveal abuse.

Benchmarks

DMARC posture is a policy state, not a metric. The meaningful measure is moving from monitoring to enforcement with full legitimate-mail alignment.

Policies
none / quarantine / reject
Rollout
monitor then enforce
Required by
Google/Yahoo 2024

Ranges are illustrative; every published figure is cited from a named public source or labelled “RGM analysis.”

Synonyms & antonyms

Synonyms

domain-based message authentication

Antonyms

spoofing

Usage trends

Search interest for this term over the last five years:

View interest-over-time on Google Trends →

Common questions

What does DMARC do?
It aligns SPF and DKIM with the visible from domain, tells receivers whether to allow, quarantine, or reject failing mail, and provides reports on who is sending as your domain.
What are the DMARC policies?
p=none monitors only, p=quarantine sends failures to spam, and p=reject blocks them. Senders typically progress from none to reject as confidence grows.
Is DMARC required?
Google and Yahoo's 2024 bulk-sender rules require a DMARC policy for high-volume senders, alongside SPF and DKIM.

Related tools & calculators

Resources & people to follow

Curated, non-competitor resources verified per term.

Sources

  1. trendsGoogle Trends — "dmarc"