Support Documentation




Fraud Protection Services

DMARC for Mailbox Providers


DMARC, a move towards the end of phishing.

Take further steps to prevent phishing and other forms of messaging abuse and fraud, by implementing a powerful standard for email authentication.

The Domain-based Message Authentication, Reporting & Conformance (DMARC) specification, co-developed by Return Path and a consortium of email senders, mailbox providers and security vendors, is focused on putting an end to phishing attacks and other forms of fraud. By leveraging existing email authentication technologies SPF and DKIM, DMARC lets email senders work directly with you to quarantine or reject any email that is not appropriately authenticated. DMARC also provides you with a mechanism for providing feedback to email senders on the health of their email authentication program.

A DMARC policy allows a sender to indicate within its DNS record that its email is protected by SPF and/or DKIM and then specify to a receiver what to do if neither of those authentication methods passes, such as quarantine or reject the message. Referencing a sender’s DMARC policy removes the guesswork from the receiver’s handling of these failed messages, limiting or eliminating domain spoofing and the end-user’s exposure to potentially fraudulent and harmful messages.

Additional benefits:

  • Block unauthenticated emails at the gateway to decrease phishing attacks.
  • Eliminate guesswork on how to handle non-authenticated email.
  • Provide feedback (aggregated and forensic reports) to domain owners on email that fails authentication.
  • Decrease spam and improve your ability to deliver legitimate email.