What Is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol, defined in RFC 7489, that builds on SPF and DKIM. A domain owner publishes a DMARC policy as a DNS TXT record at _dmarc.yourdomain.com telling receiving servers what to do with messages that fail authentication: p=none (deliver but report), p=quarantine (send to spam), or p=reject (block outright). DMARC adds alignment - the domain in the visible From header must match the domain validated by SPF or DKIM - which is what actually stops direct domain spoofing, since a spammer can pass SPF for their own domain while displaying yours. DMARC also provides reporting: aggregate reports from receivers show who is sending mail claiming to be your domain. Since February 2024, Google and Yahoo require senders of 5,000+ daily messages to publish a DMARC policy, making it a baseline requirement for cold email infrastructure.
DMARC in Practice
In practice, every cold email sending domain gets a DMARC record at setup, typically starting with a minimal policy: v=DMARC1; p=none; rua=mailto:reports@yourdomain.com. The p=none policy satisfies the Google and Yahoo requirement while collecting aggregate reports that reveal whether legitimate mail is failing alignment - a common problem when third-party tools send on the domain's behalf. Once reports confirm all legitimate sources pass, the policy is tightened to quarantine and then reject, which is the correct end state for a company's primary domain since it blocks spoofing. For secondary cold email domains, many operators stay at p=none or move to quarantine, prioritizing not losing their own mail over anti-spoofing hardening on domains that receive little inbound. A concrete failure: a sender sets p=reject on day one, their sending tool signs with a non-aligned DKIM domain, and their entire outbound volume gets rejected by Gmail - self-inflicted zero deliverability. The common misconception is that DMARC improves inbox placement directly. Like SPF and DKIM, it is an identity layer; it removes a reason to distrust you but does not make anyone want your mail.
Related Terms
Want the work done for you? See our Cold Email Agency services.
Learn More