LogoSimply SendDOCS
    GuideDomain VerificationDMARC

    DMARC Policy

    DMARC (Domain-based Message Authentication, Reporting, and Conformance) provides the final layer of protection for yourdomain.com.

    How DMARC Works

    DMARC ties SPF and DKIM together. It allows you to specify a "policy" that tells receiving servers what to do (monitor, quarantine, or reject) if an email claiming to be from your domain fails both SPF and DKIM authentication.

    Prerequisites

    Before setting up DMARC, you must ensure that SPF and DKIM are fully verified. If you publish a strict DMARC policy before setting up SPF and DKIM, legitimate emails from your domain will automatically fail authentication and be blocked or sent to spam.

    Step 1: Get Your DMARC Policy

    Log in to Simply Send, go to the Domains page, select your domain, and navigate to the DNS Records page. Under the Email Authentication section, you will find your pre-generated DMARC policy.

    Step 2: Add DMARC Record

    DNS Record Type & Name

    Type: TXT

    Name/Host: _dmarc.yourdomain.com

    Why It's Needed

    DMARC ties SPF and DKIM together. It protects your domain from unauthorized use (spoofing) by dictating to receiving servers exactly what they should do (monitor, quarantine, or reject) if an email claiming to be from your domain fails both SPF and DKIM authentication checks.

    How to Update It

    Log in to your domain registrar or DNS provider, navigate to DNS settings, and add a new TXT record for the host _dmarc. Copy the exact policy generated in your dashboard:

    v=DMARC1; p=reject;

    Why are we using p=reject?

    The generated policy defaults to p=reject, which is the strictest possible protection. It tells Google and Microsoft to completely drop any email claiming to be from your domain that fails SPF/DKIM. This instantly stops spoofing, but means you cannot afford typos in your SPF/DKIM sets!

    Policy Levels (`p=`)

    p=none

    Monitor only. Emails are delivered as usual, but you receive reports on who is sending mail using your domain.

    p=quarantine

    Soft fail. Emails that fail authentication are sent to the recipient's spam folder.

    p=reject

    Hard fail. Emails that fail authentication are blocked entirely and never reach the recipient.

    Step 3: Verify and Enable

    Wait for Propagation

    DNS changes can take anywhere from a few minutes to 24 hours to update globally.

    Enable in Console

    Once the DNS check passes, click "Verify" in your Simply Send dashboard to activate DMARC.

    Domain Setup Complete!

    You have successfully configured SPF, DKIM, DMARC, and Delivery/Tracking records. Your domain is now fully authenticated, protected from spoofing, and ready for high-volume sending.

    Send Your First Email