Domain-based Message Authentication (DMARC)

What is Domain-based Message Authentication (DMARC)?

DMARC is an email authentication standard that builds on SPF and DKIM to tell receivers how to handle messages that fail those checks.

DMARC stands for "Domain-based Message Authentication, Reporting and Conformance". It lets a domain owner publish a policy instructing receiving mail servers what to do with email that fails SPF or DKIM validation, and to receive reports on how their domain is being used to send mail.

How does DMARC work?

A DMARC policy is published as a TXT record in your domain's DNS. When a receiving server gets an email claiming to be from your domain, it checks the SPF and DKIM results, then applies your DMARC policy, which can be one of three actions:

• none: Take no special action, but still send reports (useful for monitoring).
• quarantine: Treat failing messages as suspicious, typically sending them to spam.
• reject: Refuse failing messages outright so they are never delivered.

Why is DMARC important?

DMARC closes a gap left by SPF and DKIM alone, giving you control over what happens to email that fails authentication and helping protect your domain from being used in phishing and spoofing attacks. Major providers such as Gmail and Outlook now expect a DMARC policy on domains that send significant volumes of email.

DMARC and MIDAS

If your MIDAS room booking system sends email from your own domain, configuring DMARC alongside SPF and DKIM gives your booking confirmations and reminders the best chance of reliable inbox delivery.