DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It's a system designed to stop spoofed email messages. Specifically, DMARC provides a way to tell the Internet what mail providers should do if they are asked to deliver an email message that claims to be from an email address using your domain name, but seems suspicious.
Note: Your doman's DMARC setting only affects email sent from your domain name. It has no impact on the amount of spam that you may be receiving. Also, if you do not have your own custom domain name, DMARC does not apply to you.
A message will be considered suspicious if it fails either the DKIM signature test (the message has not been properly digitially signed) or the SPF test (the message was not sent by a server you have designated as allowed to send email on your behalf).
You can ensure your domain name will pass the DKIM and SPF tests by creating special domain name records. And, if you choose to use DMARC, you must create DKIM and SPF records before you create a DMARC record. By creating these two records, you will ensure that all email sent via May First from your domain name will properly pass both the DKIM and SPF tests.
Two major mail providers, Google and Yahoo, announced in 2023 that they were going to become more aggressive in blocking email from domains that send more than 5,000 messages per day that are "not authenticated." Both providers clearly state that domain names must have an SPF and a DMARC record to be considered "authenticated." Google makes no mention of DMARC records, but Yahoo suggests that you should have a DMARC record, minimally with a policy of "none." Setting your DMARC policy to "none" means you are telling the world not to take action if a message fails both the DKIM and SPF rules (although Yahoo says even with a policy of "none" they will reject messages that fail the policy). It's confusing!
To be safe, we recommend that groups minimally add a DMARC record with a policy of "none". Additionally, if you host your DNS with May First, we have already created all the necessary records for you.
You may optionally change your DMARC policy from "none" to "reject," which tells the world: if anyone sends a message claiming to be from our domain name that fails either the DKIM or SPF tests, please reject it.
The danger of adding a DMARC record with a policy of "reject" is that it may cause some of your legitimate email to be blocked. For example, with some email lists, if you send a message from your domain name to the list, the list server will deliver the email to the final recipients. Because it is sent from a different server, the message might fail both the DKIM and SPF tests, even though it really is from you.
On the other hand, if you do not have a DMARC policy, then you are more vulnerable to scammers sending email messages claiming to be from your domain name. With advanced in artificial intelligence, it is becoming easier and easier to send convincing messages that look indistinguishable from an email sent by your boss or administrator. So, employing a policy of "reject" will effectively block many of these scam emails.
See our guide on setting up a DMARC record.