2026-04-11·5 min read

What is DMARC? A Plain-English Guide for Business Owners

DMARC in one sentence

DMARC tells email servers what to do when someone pretends to send email from your domain.

Without it, anyone can send emails that look like they come from you — to your customers, employees, or partners.

Why your business needs DMARC

73% of organisations experienced phishing in 2025

Google and Yahoo require DMARC for bulk senders

Your brand reputation is at stake

How it works

DMARC builds on SPF (who can send) and DKIM (cryptographic signatures). It adds a policy: 'none' (monitor), 'quarantine' (spam folder), or 'reject' (block).

Setting up DMARC

1. Check your current state with the [free DMARC checker](/tools/dmarc-checker)

2. Add a DNS TXT record: 'v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com'

3. Monitor for 2-4 weeks, then tighten to 'quarantine' then 'reject'

Common mistakes

Jumping straight to reject (blocks legitimate email)

Forgetting third-party senders (Mailchimp, HubSpot)

Not having SPF or DKIM first

Ready to check your domain?

Run all 18 security checks in 2 minutes. Free, no signup required.

Check your DMARC →