DMARC = Domain-based Message Authentication, Reporting & Conformance.
- Authentication: Requires messages to pass SPF or DKIM (or both), aligned to your domain.
- Policy: Tell receivers what to do if auth fails: p=none | quarantine | reject.
- Reporting: You get aggregate XML reports so you see who’s sending on your behalf.
Start safe:
- Publish p=none and monitor reports via a DMARC service.
- Fix legitimate senders (newsletters, support tools) to pass SPF/DKIM with alignment.
- Gradually move to quarantine then reject.
Record (example):
_dmarc.caduh.com TXT "v=DMARC1; p=none; rua=mailto:[email protected]"