DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS policy that sits on top of SPF and DKIM. It says how a receiver should treat mail that fails authentication - monitor, quarantine, or reject - and asks them to send back reports on what they saw.
It's the control that actually stops impersonation rather than just detecting it - and its reports are the only window you get into who's sending as you, from where, and whether they pass. Move to enforcement too fast and you can block your own mail; too slow and the door stays open.
A published policy at full enforcement, reached deliberately by reading the reports first so no legitimate sender is caught out, with aggregate reporting flowing so you keep seeing who's impersonating you. Reading and acting on those reports week after week is the real work - and where DMARCER does the heavy lifting.
Related: SPF · DKIM · MTA-STS · TLS-RPT · DNSSEC · Blacklist monitoring
DMARCER turns raw DMARC reports into a plain-English picture of your exposure - and guides you safely to enforcement.
Get started