Email health
DMARC
Without DMARC enforcement, anyone can send mail that looks like it's from your domain. Apple, Google, Microsoft, and Yahoo now require it for bulk senders.
What it is
Domain-based Message Authentication, Reporting & Conformance — RFC 7489. Tells receiving mail servers how to handle mail that fails SPF or DKIM checks (none/quarantine/reject) and where to send aggregate reports.
Why it matters
As of February 2024, Gmail and Yahoo require DMARC for senders pushing 5K+ messages/day. A `p=none` policy is data-collection only — `quarantine` or `reject` is real enforcement.
Who it applies to
Every domain that sends email — and every domain that doesn't (to prevent spoofing).
How WQI scores it
Web Quality Index considers this standard satisfied when all of the 2 supporting factors pass.
| # | Factor | Status |
|---|---|---|
| 1 | DMARC enforcement | live |
| 77 | DMARC aggregate reporting enabled (rua=) | live |
Related standards
Standards that share factors with this one
Auto-computed from overlapping factor tickets in satisfiedBy, excluding standards already listed under "See also" above. Strong overlap suggests these standards rise and fall together when sites are scored.
Other references
- guidance DMARC.org overview
- guidance M3AAWG sender best practices
- guidance Google + Yahoo bulk-sender requirements (2024)
Examples
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-forensics@example.com; fo=1; adkim=s; aspf=s; pct=100"p=reject is real enforcement. rua= captures aggregate reports so you can spot spoofing attempts and forwarder breakage.
Implementation guidance
- Cloudflare Cloudflare Email Security DMARC Management
- Google Workspace Add a DMARC record (Google Admin Help)
- Microsoft 365 Use DMARC to validate email in Microsoft 365
- Generic DMARC.org deployment guide