DMARC explained: policy, alignment, and reports
The SignalMail Team · Apr 13, 2026 · 7 min read
DMARC (Domain-based Message Authentication, Reporting and Conformance) is the policy layer on top of SPF and DKIM. It tells receivers what to do when a message fails authentication, and sends you reports on everything claiming to be your domain.
The record
A TXT record on _dmarc.yourdomain.com with a policy and a reporting address:
v=DMARC1; p=none; rua=mailto:[email protected]
Three policies
p=none— monitor only. Nothing is blocked; you just collect reports. Start here.p=quarantine— failing mail is sent to spam.p=reject— failing mail is refused outright. The goal state.
Alignment
DMARC passes only if SPF or DKIM not only pass but align with the From domain. This is why signing and sending with your own domain matters — see the DKIM guide.
Roll out in stages
Run p=none for a few weeks and read the aggregate (rua) reports to find every legitimate sender. Once they all pass, move to quarantine, then reject. Rushing to reject before your senders align will bounce your own mail.
Why it matters now
Major inbox providers now require DMARC for bulk senders. Without it, cold email increasingly does not arrive at all. Confirm your policy on SignalMail's Deliverability page.