Přejít k obsahu
(+381) 60 3535 720
Můj účet
BeoHosting
BeoHosting
Můj účetKontakt
(+381) 60 3535 720
 

Email authentication and protection against spoofing

What Is DMARC?

A detailed explanation of the DMARC protocol — how it works with SPF and DKIM, what the policies are (none, quarantine, reject), and why DMARC is essential for protecting your email domain.

Email hosting plansContact us
BRZI ODGOVOR

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email security protocol that protects a domain from spoofing and phishing. It works together with SPF (allowed servers) and DKIM (digital signature). The policy defines what to do with unauthenticated emails: none (report only), quarantine (spam folder) or reject (discard). Essential for banks, e-commerce, SaaS and any company that protects its brand.

  • DMARC = domain protection against spoofing
  • Works with SPF + DKIM
  • Policies: none, quarantine, reject
  • Gmail/Yahoo require DMARC since 2024
  • BeoHosting: configurable in the cPanel DNS editor

Tým BeoHosting

10+ let zkušeností — Specialisté na webhosting a infrastrukturu

Naposledy aktualizováno:

What is DMARC and why does it matter?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email security protocol that protects your domain from unauthorized use — known as email spoofing. Spoofing is when someone sends fake emails that look like they come from your domain.

DMARC works in combination with two other protocols: SPF (Sender Policy Framework), which defines which servers are allowed to send email from your domain, and DKIM (DomainKeys Identified Mail), which adds a digital signature to every email.

Ko e-poštni strežnik prejme sporočilo, preveri zapis DMARC vaše domene in na podlagi tega odloči, kaj storiti z e-poštnimi sporočili, ki ne prestanejo avtentikacije SPF/DKIM. Z e-poštnim gostovanjem BeoHosting sta SPF in DKIM samodejno konfigurirana za vašo domeno.

How DMARC works — step by step

DMARC uses SPF and DKIM to verify the authenticity of emails.

1

The email is sent

Your email server sends the message to the recipient. The email contains a DKIM signature and information about the sending server (for the SPF check).

2

The recipient checks SPF

The recipient's email server checks your domain's SPF record to determine whether the server that sent the email is authorized to send on your behalf.

3

The recipient checks DKIM

The recipient's server verifies the DKIM digital signature to confirm that the email content was not altered in transit.

4

DMARC evaluation

The server checks the DMARC record and determines whether the email passes alignment — whether the SPF and/or DKIM domain matches the From domain in the email header.

5

Policy enforcement

Based on the DMARC policy (none/quarantine/reject), the server decides whether to deliver the email, send it to spam, or reject it entirely.

DMARC policies: none, quarantine, reject

DMARC defines three levels of protection that you can apply to your domain.

p=none

Monitoring

Monitor only — emails are delivered normally, but you receive reports about which emails pass and which fail authentication. Ideal for the initial setup.

p=quarantine

Quarantine

Emails that fail the DMARC check are placed in the recipient's spam/junk folder. Legitimate email still arrives, but fake emails end up in spam.

p=reject

Reject

Emails that fail the DMARC check are rejected entirely — they never reach the recipient. The strongest protection against email spoofing and phishing.

Recommended approach

Start with p=none for 2-4 weeks to monitor the reports. Then move to p=quarantine for 2 weeks. Finally, once you are sure all legitimate services are configured correctly, move to p=reject for full protection.

Why is DMARC important for your domain?

DMARC protects your brand, improves deliverability and provides visibility.

Protection against spoofing

DMARC prevents unauthorized sending of emails from your domain. Without DMARC, attackers can send phishing emails that look like they come from you, damaging your brand and your customers' trust.

Better email deliverability

Email providers (Gmail, Outlook, Yahoo) give priority to domains with DMARC. Your legitimate emails have a greater chance of reaching the inbox instead of spam, which improves communication with customers.

Visibility and reports

DMARC sends daily reports about all emails sent from your domain — who sends them, whether they pass SPF/DKIM and where they come from. This is key to identifying unauthorized use of your domain.

Compliance with requirements

Since February 2024, Google and Yahoo require DMARC for sending more than 5,000 emails per day. Without DMARC, your bulk emails can be blocked or end up in spam.

Example DMARC DNS record

The DMARC record is added as a TXT DNS record on the _dmarc subdomain of your domain. Here is an example of a complete DMARC record:

DNS TXT record: _dmarc.yourdomain.com

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@vasdomen.rs; ruf=mailto:dmarc-forensic@vasdomen.rs; adkim=r; aspf=r; pct=100
v=DMARC1

The version of the DMARC protocol (always DMARC1).

p=quarantine

The policy — what to do with emails that fail the check (none/quarantine/reject).

rua=mailto:...

The address for aggregate reports (daily summary reports about all emails).

ruf=mailto:...

The address for forensic reports (detailed reports about individual failed emails).

adkim=r

DKIM alignment mode — r (relaxed) or s (strict). Relaxed allows subdomains.

aspf=r

SPF alignment mode — r (relaxed) or s (strict). Relaxed is recommended to start.

Related pages

Email hostingWhat is DNS?What is a firewall?What is SSL?Gmail vs business emailHosting glossary

Mohlo by vás také zajímat

Email Hosting

Professional email on your domain

What is DNS?

The Domain Name System explained

What is a firewall?

Protecting a server from attacks

Email setup guide

How to set up email on a domain

Máte dotaz?

Náš tým je k dispozici 24/7. Zavolejte nám nebo nám napište.

Zavolejte námOdeslat zprávu

Připraveni spustit svůj web?

SSL ochrana
Rychlost
Podpora 24/7

Připojte se k více než 4 000 spokojeným zákazníkům. Bezplatná migrace a 15denní záruka vrácení peněz.

Vyberte tarifKontaktujte nás
15denní záruka vrácení peněz
Bezplatná migrace15denní zárukaPodpora 24/7

Frequently asked questions about DMARC

Odpovědi na nejčastější dotazy o našich službách.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email security protocol that protects your domain from fake emails. It tells email servers what to do when they receive an email that claims to come from your domain but fails the SPF or DKIM check — whether to let it through, send it to spam, or reject it.

Yes, DMARC is important for every domain that sends email. Without DMARC, someone can send fake emails from your domain (email spoofing) and use your brand for phishing attacks. Since 2024, Google and Yahoo require DMARC for sending more than 5,000 emails per day.

SPF defines which servers are allowed to send email from your domain. DKIM adds a digital signature to every email that confirms the content has not been altered. DMARC combines both and defines the policy — what to do with emails that fail the SPF and/or DKIM check.

It is recommended to start with p=none (monitoring only) to track reports and identify the legitimate services that send email from your domain. After 2-4 weeks, move to p=quarantine (spam folder), and then to p=reject (full rejection of fake emails).

Add a TXT DNS record: _dmarc.yourdomain.com with a value such as "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com". Before that, make sure you have valid SPF and DKIM records. BeoHosting automatically configures SPF and DKIM for all email hosting accounts.

Naše záruky pro váš klid

Chráněni ze všech stran

15denní záruka

V prvních 15 dnech vracíme peníze bez otázek.

Bezplatná migrace

Váš web přemigrujeme bez výpadku — vy neuděláte nic.

Podpora 24/7

Naši odborníci jsou tu 24/7 prostřednictvím ticketů a live chatu.