Quick Summary
DMARC is an email authentication policy standard built on top of SPF and DKIM.
DMARC (Domain-based Message Authentication, Reporting and Conformance) provides the most comprehensive defense mechanism against email fraud. It specifies what to do when SPF and DKIM checks fail.
How DMARC Works
The domain owner adds a DMARC record to DNS. This record supports three policies:
none: Monitoring mode. Failed messages are still delivered but reported.
quarantine: Failed messages are directed to the spam folder.
reject: Failed messages are completely rejected.
DMARC DNS Record Example
_dmarc.example.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
ONS Mail DMARC Support
ONS Mail fully enforces DMARC policies and provides automatic DMARC report analysis.