What is dmarc

DMARC stands for Domain-based Message Authentication, Reporting and Conformance

DMARC is a combination of two standard authentication and encryption tools, plus an added layer of telemetry. DMARC is always used with SPF (Sender-Policy Framework) and DKIM (Domain Keys Identified Mail).

Both SPF and DKIM are standards for email authentication checks. Servers, domain names, domain alignment, public and private keys, DNS records, IP addresses, API integration, aggregate and forensic reporting and cryptography, are all involved in DMARC.

Emails coming from a server linked to the domain owner and authorized IP addresses are able to be verified using SPF, and DKIM uses an encryption key and digital signatures to verify that an email message has not been altered or faked.

All organisations should seek to have a p=reject DMARC policy. This ensures complete protection for recipients of an organisation’s email because the p=reject policy ensures that unauthorized email doesn’t get delivered at all.

What is SPF (Sender Policy Framework) and what does it have to do with DMARC?

SPF is an email authentication check of where an email has come from. The owner of a domain name authorises which IP addresses are permitted to send email for that name. When an email is received by a server, it can be verified as coming from an authorized source if it comes from an IP address allowed by the name owner.

DMARC relies on SPF for email authentication of the sender, and it ties SPF and DKIM together with a set of policies that determine what should happen with the email if it does not pass SPF or DKIM authentication.

What is DKIM (Domain Keys Identified Mail) and what does it have to do with DMARC?

DKIM is an email authentication check to verify that the message has not been tampered with, the headers of the message haven’t changed and that the sender is the legal owner of the domain or authorized by the owner to send on their behalf.

An encryption key and digital signature are attached to every message sent from an authorized list of addresses and these are used to verify that the email message was not altered or faked. These tools give 100% certainty that both the sender and the message are authentic.


SPF, DKIM and DMARC when configured properly proves that an email sender is legitimate and the message has not been compromised, ensuring that only emails that have passed these authentication checks reach an inbox, with all others rejected for delivery.

What is BIMI?

BIMI (Brand Indicators for Message Identification) is an email authentication protocol, that is additional to DKIM, SPF and DMARC. You cannot have BIMI unless you have DMARC and operate at a p=reject or p=authenticate level.

BIMI enables a company’s logo to be shown in the recipients inbox next to the email message. This improves brand recognition and lets recipients of the mail know that it is from a legitimate sender. And it gives companies a means to ensure their email has instant brand recognition and credibility.

BIMI also lets the receiving servers authorise legitimate emails as it adds a corresponding DNS record. It acts as an extra anti-email fraud measure against spoofing, phishing and impersonation. The BIMI protocol has protection against illegitimate senders spoofing logos, making it an extremely powerful protection tool for companies committed to the security and safeguarding of stakeholders – employees, customers, partners.

With BIMI cyber criminals cannot copy or display the logo in a recipient’s inbox, because their fraudulent mail will not be approved and will never reach the inbox. This means that recipients can confidently associate emails accompanied by a company’s logo as trustworthy, because BIMI is only possible with the strongest authentication protocols in place.


We have made these tools available for you to use, and see how secure and safe your environment really is.

No ACF Fields Found