DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM to prevent email spoofing and provide reporting on authentication results.
What Is DMARC?
DMARC tells receiving mail servers what to do when an email fails SPF and DKIM checks. You publish a DMARC policy in your DNS that specifies one of three actions: none (monitor only), quarantine (send to spam), or reject (block entirely). DMARC also provides a reporting mechanism — you receive XML reports showing which servers are sending email from your domain and whether they pass authentication. DMARC requires 'alignment', meaning the domain in the From header must match the domain authenticated by SPF or DKIM.
Why It Matters for Newsletters
DMARC is the final piece of the email authentication puzzle. As of 2024, Google and Yahoo require DMARC for all domains sending over 5,000 emails per day. Without DMARC, your emails face increasing deliverability challenges, and your domain is vulnerable to spoofing attacks that can damage your reputation with subscribers.
Best Practices
- Start with a p=none policy to monitor without affecting delivery
- Review DMARC reports to identify unauthorised senders using your domain
- Gradually move to p=quarantine and then p=reject as you gain confidence
- Set up SPF and DKIM before implementing DMARC
- Use a DMARC monitoring service to parse the XML reports into readable data
How Aldus Handles This
Aldus provides guidance on setting up DMARC for your sending domain. Since Aldus configures SPF and DKIM automatically, adding DMARC is straightforward — you just need to add one more DNS TXT record. The platform ensures SPF and DKIM alignment so your emails pass DMARC checks.