What is DMARC and what policy should I use?
DMARC (Domain-based Message Authentication) tells receiving servers what to do if SPF or DKIM fails. Start with p=none (monitor only), then increase to p=quarantine (send to spam), and eventually p=reject (block completely) once you're confident in your setup.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Email Domain Setup for Node.js MX Records, SPF, DKIM, and DMARC
MX records (mail server for receiving), SPF (TXT record listing authorized sending servers), DKIM (CNAME or TXT for email signing), and DMARC (TXT record with policy for failed authentication). All four are needed for reliable email delivery.
SPF (Sender Policy Framework) is a TXT record that lists which servers are allowed to send email from your domain. Without SPF, email providers may send your emails to spam or block them entirely. Example: v=spf1 include:amazonses.com ~all
DKIM (DomainKeys Identified Mail) adds a digital signature to your emails using a public-private key pair. The public key is in your DNS, and the private key signs each email. This proves the email is genuinely from your domain and wasn't tampered with.
Still have questions?
Browse all our FAQs or reach out to our support team
