Understanding DMARC: A Guide for Business Owners

04/09/2025

If you run a business and use email to communicate with customers, protecting your domain from email fraud is essential. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a powerful tool that helps prevent scammers from sending fake emails using your domain. This guide explains what DMARC is, how to set it up, and compares popular DMARC tools to help you choose the right solution.


What is DMARC?

DMARC is a security protocol that helps stop email spoofing and phishing. It works with two other systems—SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail)—to verify that emails sent from your domain are legitimate. DMARC tells email providers what to do when they receive suspicious messages that fail these checks.

Why should I care about this?

In February 2024, Google and Yahoo Mail announced that bulk email senders must have a valid DMARC policy in place, otherwise their emails would no longer be delivered. In May 2025, Microsoft followed suit with a similar rule.

While “bulk email senders” refers to businesses sending 5,000+ emails per day, I think that it’s only a question of time until these 3 major email providers apply the same rule to everyone.

And it’s possible that other email systems used by your clients, your partners or your suppliers already have stricter email filtering rules.

How to Set Up DMARC

Setting up DMARC is quite technical and you may need help from your IT provider or hosting company.

1. Make sure that SPF and DKIM records are configured

With SPF, you define which servers are allowed to send your emails.

DKIM digitally signs your emails so that the recipient can confirm that they really come from you.

Both SPF and DKIM should be defined with a TXT record in your DNS records.

Log in to the system managing your DNS records. For simple websites, this may be the cPanel account at your web hosting company. See the example below:

Screenshot of a cPanel Zone Editor showing the SPF and DKIM records

To confirm that these records work, send a test email from your business address. Then display the “original message” (Gmail) or the “raw message” (Yahoo! Mail). SPF and DKIM tests should show “PASS”, as you can see in the example below:

Email header showing that SPF and DKIM tests passed but DMARC failed

2. Set up DMARC reports

Before you create a DMARC record, I suggest finding a DMARC reporting tool, also known as a DMARC analyser. This is because you will need to know where to send email reports. You could send these reports to your own email address but you would have trouble making any sense of them. That’s why it’s better to use a DMARC analyser at least for a few months.

If your business doesn’t send more than a few thousand emails per month, I suggest registering a free account with one of the well-known DMARC reporting apps (see below).

In this example, I use Eunetic. This website doesn’t have the best User Interface but reports are clear and easy to understand. When you add your domain name, it tells you what to add to the TXT record in your DNS:

  • v=DMARC1 means it’s a DMARC record.
  • p=none means that emails from your domain are always delivered, even if they’re not legitimate. Keep this policy for a few months until you’re certain all your email systems are covered by the SPF and DKIM records.
  • rua and ruf define where reports are sent to.
Screenshot of the Eunetic website with the suggested value for a DMARC record

3. Create a DMARC record

In your DNS, add a TXT record:

  • Name (Host): _DMARC.yourdomain.com.au
  • Record (Value): paste the value from the DMARC analyser
  • TTL: leave the default value
Screenshot of the cPanel Zone Editor with a new DMARC record

4. Review DMARC Reports

After a day or so, reports will start flowing into the DMARC Analyser. Review these reports at least once a month for a few months.

In the example below:

  • 49 emails were compliant, ie legitimate.
  • 2 emails were non-compliant and need to be reviewed. If they were sent by 3rd party systems that you actively use (eg newsletter, accounting app) then add them to the SPF records and create extra DKIM records.
Screenshot of Eunetic non-compliant reports
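
To show what a DMARC analyser does with the raw reports, here is an added example (not part of the original article or of any tool named in it) that counts compliant and non-compliant messages in one aggregate report. The sample report is constructed, uses documentation IP addresses, and assumes the common layout without an XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the aggregate-report layout (not real data).
# 192.0.2.x and 198.51.100.x are documentation-only IP ranges.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>yourdomain.com.au</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>49</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com.au</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>2</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com.au</header_from></identifiers>
  </record>
</feedback>"""


def summarise(report_xml):
    """Return (compliant, non_compliant, failing_sources) for one report."""
    # Reports arrive by email, so treat them as untrusted input; in production
    # parse them with a hardened parser such as defusedxml.
    root = ET.fromstring(report_xml)
    compliant = non_compliant = 0
    failing = Counter()
    for record in root.iter("record"):
        row = record.find("row")
        if row is None:
            continue
        count = int(row.findtext("count", default="0"))
        # policy_evaluated holds the DMARC result: a message is compliant
        # when either the DKIM or the SPF result here is "pass".
        dkim = row.findtext("policy_evaluated/dkim", default="fail")
        spf = row.findtext("policy_evaluated/spf", default="fail")
        if "pass" in (dkim.strip().lower(), spf.strip().lower()):
            compliant += count
        else:
            non_compliant += count
            failing[row.findtext("source_ip", default="unknown")] += count
    return compliant, non_compliant, dict(failing)


if __name__ == "__main__":
    print(summarise(SAMPLE_REPORT))
```

The failing source IPs are the ones to match against the third-party systems you use before adding anything to SPF or DKIM.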

5. Tighten your policy

Once you’re confident that all legitimate emails are compliant, you can now tighten your DMARC policy.

In your DNS, edit your existing TXT record for DMARC and replace p=none with either:

  • p=quarantine (mark non-compliant emails as spam)
  • p=reject (block these emails)
Screenshot of DMARC record where the policy for the domain and sub-domains is set to quarantine

And make the same change for sp=none which is the policy for sub-domains.

I personally prefer to set the policy to quarantine, just in case an app sends an email once in a blue moon.

But do NOT leave your policy set to none forever. This may satisfy email providers for now but it won’t stop spammers abusing your email addresses.
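
Because a typo in the record can affect delivery, it helps to check the value before pasting it into the DNS. The following is an added example, not from the original article or from any DMARC analyser: a small checker for the tags described above (v, p, sp, rua, ruf). The function name and the messages it returns are illustrative.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}
# Report address: mailto:user@domain, optionally followed by a size limit (!10m).
REPORT_URI = re.compile(r"mailto:[^@\s,!]+@[^@\s,!]+(!\d+[kmgt]?)?", re.I)


def check_dmarc_record(value):
    """Return a list of problems found in a DMARC TXT record value."""
    parts = [p.strip() for p in value.strip().strip('"').split(";") if p.strip()]
    if not parts:
        return ["record is empty"]
    problems, tags = [], {}
    for i, part in enumerate(parts):
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not sep or not val:
            problems.append(f"malformed tag: {part!r}")
            continue
        if name in tags:
            problems.append(f"duplicate tag: {name}")
        tags[name] = val
        if i == 0 and (name != "v" or val != "DMARC1"):
            problems.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        problems.append("p must be none, quarantine or reject")
    elif policy == "none":
        problems.append("p=none only monitors: tighten it once reports are clean")
    sp = tags.get("sp")
    if sp is not None:
        if sp.lower() not in VALID_POLICIES:
            problems.append("sp must be none, quarantine or reject")
        elif sp.lower() == "none" and policy in ("quarantine", "reject"):
            problems.append("sp=none leaves sub-domains unprotected")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if uri and not REPORT_URI.fullmatch(uri):
                problems.append(f"{tag} address must look like mailto:user@domain: {uri!r}")
    if "rua" not in tags:
        problems.append("no rua tag: aggregate reports will not be sent anywhere")
    return problems


if __name__ == "__main__":
    # Constructed value with two typos: a misspelt policy and a missing mailto:
    print(check_dmarc_record("v=DMARC1; p=quarentine; rua=reports@analyser.example"))
```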

Some DMARC Analysers

I’ve tested many reporting apps over the past year and here are some that I recommend because they offer a free tier which may be sufficient for a small business. I excluded apps where reports were not really helpful.

DMARCreport

I use the paid version for all my customers on one of my Website Care plans.

  • Free tier: up to 10,000 messages per month
  • Pros: nice dashboard, helpful support team, AI tool to analyse reports, weekly summary email
  • Cons: can’t see any
  • Try DMARCreport

DMARCwise

  • Free tier: up to 1,000 messages per month
  • Pros: reports look technical but are clear
  • Cons: free tier is not as generous as the other apps
  • Try DMARCwise

Eunetic

  • Free DMARC Report Analyzer (their other tools are not free)
  • Pros: dashboard is simple and clear, no limit as far as I’ve found
  • Cons: reports don’t have as many details as other apps, corporate look
  • Try Eunetic DMARC Report Analyzer

EasyDMARC

  • Free tier: up to 1,000 messages per month
  • Pros: very good User Interface, weekly email with detailed stats
  • Cons: reports are hidden when you exceed the free 1,000 messages/mo, paid plans are expensive
  • Try EasyDMARC

Postmark DMARC Report

This tool is different because it only sends a weekly email and you can’t log in to check reports.

Cloudflare DMARC Management

Final Thoughts

DMARC helps protect your brand and customers from email scams. Even if you’re not technical, using DMARC with the help of a trusted provider or tool can make a big difference in your email security.

But be very careful because a typo could jeopardise the delivery of your emails.

Image by Gino Crescoli from Pixabay

By Jean Werk