DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance," is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author ("From:") domain name, publishing policies for recipient handling of authentication failures, and reporting from receivers to senders to improve and monitor the protection of the domain from fraudulent email.
DMARC is a way to make it easier for email senders and receivers to determine whether a given message is legitimately from the sender and what to do if it is not. This makes it easier to identify spam and phishing messages and keep them out of people's inboxes.
DMARC is a proposed standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure to authenticate all their mail. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages such as spam, spoofing or phishing to be put directly in the spam folder or rejected outright.
DMARC policy allows a sender to indicate that their messages are protected by Sender Policy Framework (SPF) and/or DKIM and tells a receiver what to do if neither of those authentication methods passes – such as junk or rejecting the message. DMARC removes the guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent and harmful messages. DMARC also provides a way for the email receiver to report to the sender about messages that pass and/or fail DMARC evaluation.