DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. It allows a domain owner to publish a policy in their DNS records that specifies which mechanism(s) are used to authenticate email messages sent from their domain, and instructs receiving mail servers on what to do with messages that fail authentication.
DMARC essentially builds on the existing SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) protocols to provide a more comprehensive way to authenticate email messages. It allows domain owners to specify which mechanisms should be used to authenticate messages sent from their domain, and provides instructions to receiving mail servers on what to do with messages that fail authentication. This includes options such as marking them as failed, quarantining them, or rejecting them outright.
Additionally, DMARC provides a reporting mechanism that allows domain owners to receive feedback on the messages sent from their domain, including information on which messages passed or failed DMARC evaluation, as well as data on the source IPs, message headers, and more. This information can be used to identify potential abuse or misconfigurations, and to make adjustments to the domain’s DMARC policy as needed.
It is important to note that DMARC doesn’t encrypt or sign email, it only authenticate the sender’s domain. It’s a way to protect against phishing and spams.