13.1 What is DMARC?
DMARC is an acronym which stands for Domain-based Message Authentication, Reporting & Conformance.
Bulk email needs to be properly authenticated to meet data security and deliverability needs. It is essential for every site, and ISPs and corporations worldwide are implementing DMARC to help solve these problems.
But what, exactly, is DMARC?
DMARC is a technical standard that "marries" several different, pre-existing security protocols to create a consistent method of proving that mail claiming to originate from your domain actually did so originate. Your authentication practices are published in DNS for anyone to query, along with what to do with mail that fails the authentication checks. It also allows reporting on what actions were taken on mail claiming to be from your domain.
Effectively, DMARC builds on the following existing protocols:
- SPF (Sender Policy Framework, defined in RFC 7208 and related standards
- DKIM (Domain Keys Identified Mail, an overview of which is found in RFC 5585, and which we discuss in conjunction with LISTSERV in Section 12 of this document
- Standard DNS records such as A (address) and MX (mail exchanger) records
It is beyond the scope of this document to explain in detail how DMARC works, as there are many such explanations available on the Internet. However, since 2014, LISTSERV has recognized DMARC and is able to comply with it.