DMARC builds on SPF and DKIM by telling receiving servers what to do with emails
that fail authentication checks. It also enables reporting so you can monitor your
email security.
Status:
{#if dmarcRecord.valid}
Valid
{:else}
Invalid
{/if}
{#if dmarcRecord.policy}
Policy:
{dmarcRecord.policy}
{#if dmarcRecord.policy === "reject"}
Maximum protection — emails failing DMARC checks are rejected.
This provides the strongest defense against spoofing and phishing.
{:else if dmarcRecord.policy === "quarantine"}
Good protection — emails failing DMARC checks are
quarantined (sent to spam). This is a safe middle ground.
Once you've validated your configuration and ensured all legitimate mail
passes, consider upgrading to p=reject for maximum protection.
{:else if dmarcRecord.policy === "none"}
Monitoring only — emails failing DMARC are delivered
normally. This is only recommended during initial setup.
After monitoring reports, upgrade to p=quarantine or
p=reject to actively protect your domain.
{:else}
Unknown policy — the policy value is not recognized. Valid
options are: none, quarantine, or reject.
{/if}
{/if}
{#if dmarcRecord.subdomain_policy}
{@const mainStrength = policyStrength(dmarcRecord.policy)}
{@const subStrength = policyStrength(dmarcRecord.subdomain_policy)}
Subdomain Policy:
{dmarcRecord.subdomain_policy}
{#if subStrength >= mainStrength}
Good configuration — subdomain policy is equal to or stricter
than main policy.
{:else}
Weaker subdomain protection — consider setting
sp={dmarcRecord.policy} to match your main policy for consistent
protection.
{/if}
{:else if dmarcRecord.policy}
Subdomain Policy:
Inherits main policy
Good default — subdomains inherit the main policy ({dmarcRecord.policy}) which provides consistent protection.
{/if}
{#if dmarcRecord.percentage !== undefined}
Enforcement Percentage:
{dmarcRecord.percentage}%
{#if dmarcRecord.percentage === 100}
Full enforcement — all messages are subject to DMARC policy.
This provides maximum protection.
{:else if dmarcRecord.percentage >= 50}
Partial enforcement — only {dmarcRecord.percentage}% of
messages are subject to DMARC policy. Consider increasing to
pct=100 once you've validated your configuration.
{:else}
Low enforcement — only {dmarcRecord.percentage}% of
messages are protected. Gradually increase to pct=100 for full
protection.
{/if}
{:else if dmarcRecord.policy}
Enforcement Percentage:
100% (default)
Full enforcement — all messages are subject to DMARC policy
by default.
{/if}
{#if dmarcRecord.spf_alignment}
SPF Alignment:
{dmarcRecord.spf_alignment}
{#if dmarcRecord.spf_alignment === "relaxed"}
Recommended for most senders — ensures legitimate
subdomain mail passes.
For maximum brand protection, consider strict alignment (aspf=s) once your sending domains are standardized.
{:else}
Maximum brand protection — only exact domain matches are
accepted. Ensure all legitimate mail comes from the exact From domain.
{/if}
{/if}
{#if dmarcRecord.dkim_alignment}
DKIM Alignment:
{dmarcRecord.dkim_alignment}
{#if dmarcRecord.dkim_alignment === "relaxed"}
Recommended for most senders — ensures legitimate
subdomain mail passes.
For maximum brand protection, consider strict alignment (adkim=s) once your sending domains are standardized.
{:else}
Maximum brand protection — only exact domain matches are
accepted. Ensure all DKIM signatures use the exact From domain.
{/if}
{/if}
{#if dmarcRecord.record}
Record:
{dmarcRecord.record}
{/if}
{#if dmarcRecord.error}
Error:
{dmarcRecord.error}
{/if}