DMARC (Domain-based Message Authentication, Reporting and Conformance) is the shield that protects your domain from spoofing and phishing. It combines SPF and DKIM to decide what happens to unauthenticated emails.
p=none to observe traffic, then move to p=quarantine, and finally p=reject.How DMARC works
- An email reaches the recipient
- The server checks SPF and DKIM
- It also checks alignment with the "From" domain
- Per your DMARC policy, the email is delivered, quarantined or rejected
- A report is sent to the address you specify
The 3 policies
| Policy | Effect | When to use |
|---|---|---|
p=none | No action | Observation phase |
p=quarantine | Sent to spam | Intermediate phase |
p=reject | Outright rejection | Full protection |
Alignment: the key to compliance
DMARC verifies that the domain in the "From" address matches the one validated by SPF/DKIM. Two modes:
- Relaxed: subdomain is enough (recommended)
- Strict: must be the exact same domain
Configure DMARC for Mailpro
- Add a TXT record at
_dmarc.yourdomain.com - Start with
v=DMARC1; p=none; rua=mailto:[email protected] - Also configure SPF and DKIM
- Monitor reports for 4-6 weeks
- Move gradually to
quarantine, thenreject
More on the Mailpro DMARC page and the deliverability hub.