Domain-based Message Authentication, Reporting, and Conformance aka DMARC is a DNS-based email security policy that allows you to monitor your domains' SPF and DKIM performances, on top of that, it also allows you to tell mailbox providers how to handle your email if it fails authentication (if SPF and/or DKIM fails).
The main reason to implement DMARC is to prevent spoofing and protect your domain if it gets breached (if someone that is not you starts sending from your domain), but it also:
- Authenticates your domain, giving a positive signal to the Mailbox Providers,
- Enables you (with the forensic and aggregate DMARC reports) to keep a close eye on the emails sent from your domain,
- Is a requirement if you want to get BIMI on your emails.
The Infrastructure feature of Everest allows you to monitor your domains using DMARC and you can also set up alerts if your DMARC compliance deviates (if you suddenly have an increase in DMARC failure on your domain for example which could be a sign of your domain being breached).
You can see below what the data looks like in Everest:
What is your experience with DMARC? Is it something you are looking at when monitoring the health of your domain?
