de en

DKIM and sender domains: DMARC

Domain settings have a significant influence on your delivery rates. Incoming mail servers therefore pay particular attention to these entries to ensure that the authenticity of a newsletter is verified and the recipient is protected against phishing as well as spoofing. This method relies on the SPF and DKIM entries of your domain. If one of them is invalid, the incoming mail server decides what to do with the newsletter according to its own policies. Some providers therefore move it directly to the spam folder, others do not deliver it at all.

Ensure newsletter delivery

The DMARC policy of your domain tells the incoming mail server what to do with a newsletter that is not genuine. In addition to valid SPF and DKIM entries, a DMARC policy should therefore also be set for your domain. Otherwise, the delivery of your newsletters will be significantly impacted since they might get rejected automatically.

You'll find simple examples of DMARC policies in the DKIM and sender domains menu. The following parameters are possible:

  • none: No action is taken if a newsletter appears suspicious
  • quarantine: Suspicious newsletters are moved to the recipient's spam folder
  • reject: Suspicious newsletters are immediately rejected so that the recipient does not receive them

Advanced settings

DMARC was developed to protect your recipients. To take full advantage of this protection, you should also set up advanced DMARC policies. The following settings were designed for this purpose:

  • adkim/aspf (DKIM alignment/SPF alignment): Accuracy when checking DKIM/SPF entries
  • sp (subdomain policy): Defines the behavior for subdomains
  • fo (failure reporting): Enables reports on failed DKIM and/or SPF checks
  • ruf/rua/rf/ri: Defines contents, interval and recipient for reports
  • pct (percentage): Percentage of total incoming newsletters where the DMARC check gets applied

Risks of DMARC policies

While none and quarantine leave it up to your recipients to reject suspicious newsletters or not, reject prevent this situation completely. So with the reject parameter, you theoretically protect your recipients from fake newsletters in your name. In practice, however, there are some cases where even valid newsletters do not pass the DMARC check. This can occur in particular with automatically forwarded emails.

We therefore recommend starting with none or quarantine and monitor the opening behavior with the help of reports over a longer period of time. This will ensure that all special cases are known before implementing stricter policies.


The analysis of DMARC reports helps you to improve your policies. All you need is a dedicated mailbox. As soon as it is defined in the related policy, you should receive your reports. Once these are available, we recommend aggregating them using data analysis tools (like dmarcian or DMARC Advisor) since these are specifically designed for DMARC uses and provide a clear overview for potential policy improvements.