DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol defined in RFC 7489 that builds upon SPF and DKIM to provide protection against email spoofing and phishing attacks.

What are RUA and RUF reports?

RUA (Aggregate Reports) provide daily summaries of email authentication results, while RUF (Forensic Reports) provide real-time failure reports with message samples when DMARC authentication fails.

How does DMARC prevent phishing?

DMARC prevents phishing by authenticating email messages using SPF and DKIM, then applying policy actions (none, quarantine, or reject) to messages that fail authentication, preventing spoofed emails from reaching recipients.

RFC 7489 DMARC Compliance Guide | Complete Implementation & Best Practices

Understanding RFC 7489

RFC 7489 defines DMARC (Domain-based Message Authentication, Reporting and Conformance), an email authentication protocol that builds upon SPF (RFC 7208) and DKIM (RFC 6376) to provide domain-level protection against email spoofing and phishing attacks.

Key DMARC Benefits

Prevents email spoofing and phishing attacks
Improves email deliverability and sender reputation
Provides visibility into email authentication results
Enables gradual deployment with policy progression
Protects brand reputation and customer trust

DMARC Policy Implementation

1. SPF Record Setup

Ensure your SPF record is properly configured before implementing DMARC:

v=spf1 include:_spf.google.com include:mailgun.org ~all

2. DKIM Configuration

Configure DKIM signing for your email service provider and publish the public key:

selector._domainkey.example.com IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQ..."

3. DMARC Record Deployment

Start with a monitoring policy and gradually move to enforcement:

Phase 1 - Monitoring (p=none)

v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; sp=none; adkim=r; aspf=r;

Phase 2 - Quarantine (p=quarantine)

v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; sp=quarantine; adkim=s; aspf=s; pct=25;

Phase 3 - Reject (p=reject)

v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; sp=reject; adkim=s; aspf=s;

RUA and RUF Reporting

RUA Reports (Aggregate)

Daily summary reports
Statistical overview of authentication results
Volume and source IP information
SPF and DKIM alignment data
Disposition actions taken

RUF Reports (Forensic)

Real-time failure notifications
Individual message samples
Detailed authentication failure reasons
Headers and message content
Privacy considerations apply

Compliance Best Practices

⚠️ Common Compliance Pitfalls

Jumping directly to p=reject without monitoring
Insufficient SPF record coverage
Missing DKIM signatures on legitimate email
Incorrect alignment mode configuration
Not monitoring RUA/RUF reports regularly

Implementation Checklist

SPF record published and validates all legitimate sending sourcesDKIM signing enabled for all outbound email streamsDMARC record published with p=none for monitoringRUA and RUF reporting configuredReport analysis process establishedGradual policy enforcement (none → quarantine → reject)

Advanced Configuration

Subdomain Policy

Configure different policies for subdomains using the sp tag:

v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com;

Alignment Modes

Relaxed (r): Allows subdomain alignment (default)
Strict (s): Requires exact domain match

Percentage-based Enforcement

Use the pct tag to gradually enforce policy on a percentage of messages:

v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com;