DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a tool that helps protect email domains from being used for spam or phishing. One of the key parts of DMARC is policy discovery, which is how an email receiver finds out what the sender’s DMARC policy is. Here’s a simple explanation of how it works.

Finding the DMARC Policy

DMARC policies are stored in DNS (Domain Name System) TXT records. The DNS is like a phone book for the internet. It translates domain names (like into IP addresses that computers can understand.

To find the DMARC policy for a particular email, the email receiver does the following:

  1. Checks the sender’s domain: The receiver looks at the domain of the sender (the part of the email address after the ‘@’ symbol) and checks the DNS for a DMARC TXT record for that domain.
  2. Ignores irrelevant records: Any records that don’t start with ‘v=’ (which identifies the version of DMARC) are ignored.
  3. Checks the organizational domain: If no DMARC record is found for the sender’s domain, the receiver checks the DNS for a DMARC TXT record for the organizational domain. This is the part of the domain after the first dot. For example, in the domain ‘’, the organizational domain is ‘’.
  4. Ignores irrelevant records: Again, any records that don’t start with ‘v=’ are ignored.
  5. Stops if there are no or multiple records: If there are no records or multiple records left, the receiver stops looking for the DMARC policy and doesn’t apply DMARC to the email.
  6. Handles invalid records: If a record doesn’t contain a valid ‘p’ tag (which specifies the DMARC policy) or ‘sp’ tag (which specifies the DMARC policy for subdomains), the receiver either treats the record as if it had a ‘p=none’ policy (which means do nothing) if there’s a valid ‘rua’ tag (which specifies where to send reports), or doesn’t apply DMARC to the email.

If the receiver can’t find a DMARC policy record, it doesn’t apply DMARC to the email. If there’s an error when looking up the DMARC policy record, the receiver can decide what to do. For example, it could deliver the email anyway or temporarily reject the email and try again later.

Remember, this is a simplified explanation. In reality, DMARC policy discovery involves a lot of complex processes and technologies. But hopefully, this gives you a basic understanding of how it works.

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *