DMARC (Domain-based Message Authentication, Reporting and Conformance) is the policy layer that sits on top of SPF and DKIM. It lets you publish, in DNS, what mailbox providers should do with messages that claim to come from your domain but fail authentication: deliver them anyway, send them to spam, or reject them outright. DMARC also gives you visibility — providers send aggregate reports back so you can see who is sending mail in your name.
How DMARC works in practice. You publish a TXT record at _dmarc.yourdomain.com with a policy such as v=DMARC1; p=quarantine; rua=mailto:[email protected]. When a receiver gets a message, it checks that the visible From domain aligns with a passing SPF or DKIM result, then applies your policy. The p= tag tells receivers whether to monitor (none), quarantine, or reject failures, and rua tells them where to send daily reports.
Why DMARC matters for senders. Without DMARC, spoofers can pass SPF or DKIM on a different domain and still impersonate you to your subscribers. With DMARC enforced, Gmail and Yahoo can reject those messages on your behalf — a requirement they made mandatory for bulk senders in 2024. DMARC is what turns SPF and DKIM from technical hygiene into actual brand protection.
Mailpro and DMARC
DMARC policy, ready out of the box
Mailpro emails are aligned with DMARC by default, so the policy your domain publishes is honoured. Your authentication chain — SPF, DKIM and DMARC — works without any setup on your side.