DMARC
DMARC is an email authentication policy that builds on SPF and DKIM, telling receiving servers what to do with messages that fail authentication and reporting back to the domain owner.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication policy that sits on top of SPF and DKIM. It does two jobs: it tells receiving servers what to do with mail that fails authentication (allow, quarantine, or reject), and it sends reports back to the domain owner showing who is sending mail in the domain name.
Why it matters for outbound
DMARC is now effectively required. Major mailbox providers expect bulk senders to publish a DMARC policy, and senders without one face stricter filtering. For outbound programs, a correct DMARC record signals legitimacy and protects the domain from being spoofed by bad actors, which would otherwise wreck domain reputation. The reporting side also gives early warning of authentication problems before they hurt deliverability.
Outword sets and monitors DMARC as part of standing up any sending foundation.
How it works
DMARC relies on a concept called alignment: the domain in the visible From address must match the domain validated by SPF or DKIM.
- A DNS record publishes the policy (p=none, p=quarantine, or p=reject).
- Receivers check SPF and DKIM, then confirm the From domain aligns.
- Failing mail is handled per the policy, and aggregate reports are sent back.
Most senders start at p=none to observe, then tighten to quarantine or reject once aligned. See our deliverability service for managed setup.
From definitions to pipeline
Outword turns outbound theory into a running motion. Book a call to see what that looks like for your team.