Is DMARC enforcing the domain's email security policies?

We monitor your DMARC (Domain-based Message Authentication, Reporting, and Conformance) configuration to ensure you have a strong policy that tells receiving servers how to handle suspicious emails from your domain.

Written by Dan McKenzie
Updated this week

What is DMARC?

DMARC acts like a security policy for your email domain. It tells receiving servers what to do with emails that fail security checks and sends you reports about who is using your domain to send emails.

Why It Matters

Without DMARC protection, your domain is vulnerable to:

  • Unauthorized use of your domain for phishing attacks

  • No visibility into who is sending emails as your organization

  • No control over how suspicious emails are handled

  • Reduced trust in emails from your domain


Security Checks

We monitor these aspects of your DMARC configuration:

Is a DMARC record present in the domain's DNS?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) tells receiving servers how to handle emails that fail authentication checks. Without a DMARC record, the domain has no policy enforcement for failed authentications and no visibility into potential email abuse.

Is the DMARC policy set to enforce actions?

The domain's DMARC policy is set to 'none', which only monitors email authentication failures without taking action. This allows potentially fraudulent emails to be delivered while only collecting reports about the activity.

Is the DMARC policy applied to all messages?

The domain's DMARC percentage setting is less than 100%. This means only some messages that fail authentication are subject to the policy, creating inconsistent protection against email spoofing.

Is SPF alignment set to strict mode?

The domain uses relaxed SPF alignment in its DMARC configuration. This allows partial domain matches when verifying SPF results, which may reduce the effectiveness of email authentication.

Is DKIM alignment set to strict mode?

The domain uses relaxed DKIM alignment in its DMARC configuration. This allows partial domain matches when verifying DKIM signatures, potentially making it easier for unauthorized senders to pass authentication.
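The five checks above can be reproduced offline against the TXT strings published at `_dmarc.<domain>`. The following is an added example, not the monitoring product's own code: the function names and sample records are constructed for illustration, and the defaults it applies (`pct` of 100, relaxed alignment when `aspf`/`adkim` are absent) are those of RFC 7489.

```python
# Added example: offline evaluation of the five checks described above.
# Input is the list of TXT strings found at _dmarc.<domain>.

def split_tags(record):
    """Split 'name=value; name=value' into an ordered dict of tags."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def parse_dmarc(txt_records):
    """Return the tags of the single DMARC record, or None.
    Zero records or more than one both leave the domain without a policy."""
    parsed = [split_tags(r) for r in txt_records]
    found = [t for t in parsed if next(iter(t.items()), None) == ("v", "DMARC1")]
    return found[0] if len(found) == 1 else None

def check_dmarc(txt_records):
    tags = parse_dmarc(txt_records)
    results = dict.fromkeys(
        ["record_present", "policy_enforced", "applies_to_all",
         "spf_strict", "dkim_strict"], False)
    if tags is None:
        return results
    try:
        pct = int(tags.get("pct", "100"))      # RFC 7489 default: 100
    except ValueError:
        pct = 0                                # assumption: unparseable pct fails the check
    results["record_present"] = True
    results["policy_enforced"] = tags.get("p", "").lower() in ("quarantine", "reject")
    results["applies_to_all"] = pct == 100
    results["spf_strict"] = tags.get("aspf", "r").lower() == "s"    # default: relaxed
    results["dkim_strict"] = tags.get("adkim", "r").lower() == "s"  # default: relaxed
    return results

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = {
    "strict": ["v=DMARC1; p=reject; pct=100; aspf=s; adkim=s; rua=mailto:dmarc@example.com"],
    "monitor": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "partial": ["v=DMARC1; p=quarantine; pct=25"],
    "duplicate": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "missing": [],
}

if __name__ == "__main__":
    for name, records in SAMPLES.items():
        failed = [k for k, ok in check_dmarc(records).items() if not ok]
        print(f"{name}: {'all checks pass' if not failed else 'fails ' + ', '.join(failed)}")
```

A record with `p=none` and no other tags passes only the presence and percentage checks, because the absent alignment tags fall back to relaxed mode.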


Industry Standards

DMARC is recommended by:

  • ISO 27001 (Email Security Controls)

  • NIST SP 800-177 (Email Security Guidelines)

  • UK NCSC Email Security Guidelines

  • Google Workspace Security Requirements

  • Microsoft 365 Security Standards
