ValidEmailChecker

What is DMARC and why does Gmail now require it?

Last updated May 19, 2026Deliverability

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is the third leg of the email authentication stack. SPF says "this IP is allowed." DKIM says "this message is signed." DMARC says "here is what to do with mail that fails either check, plus please send me reports about who is trying to spoof me."

What DMARC actually does

DMARC is a single TXT record at _dmarc.yourdomain.com that does two things:

  • Sets a policy. When mail fails SPF and DKIM, what should the receiver do? p=none means do nothing (just observe). p=quarantine means deliver to spam. p=reject means refuse outright.
  • Requests aggregate reports. Receivers send daily XML reports to an address you specify (rua=mailto:dmarc-reports@yourdomain.com) listing every source that sent mail claiming to be from your domain.

Why Gmail and Yahoo now require it

In early 2024, Google and Yahoo announced that bulk senders (anyone sending over 5,000 messages per day to Gmail or Yahoo users) must publish a DMARC record. Senders without DMARC routinely get marked spam or rejected. The pressure to authenticate has only increased since.

Even below the bulk threshold, having a DMARC record meaningfully improves deliverability. Microsoft has not made it a hard requirement but treats DMARC-authenticated senders preferentially. The trend is one-directional.

The three policy modes

  • `p=none` is monitoring mode. Reports come in. No enforcement happens. Right starting point because it lets you see what is happening before you risk blocking legitimate mail.
  • `p=quarantine` sends failed mail to spam folders. Right intermediate step once your reports look clean.
  • `p=reject` bounces failed mail outright. Right end-state once you are confident every legitimate sender is authenticating correctly.

Almost everyone starts at p=none, watches reports for a few weeks, fixes any failing legitimate senders, then progresses to p=quarantine and eventually p=reject. Jumping to p=reject immediately is a great way to block your own marketing campaigns.

Where to start

Check your current DMARC posture with our free DMARC record checker. If you do not have one yet, the DMARC record generator builds one for you with a sensible starting policy of p=none and reporting addresses configured. See also the progressive DMARC policy guide.

Related questions

What is an SPF record and why does it matter for email deliverability?
What is DKIM and how does it authenticate your email?
How to set up DMARC with a progressive policy (none → quarantine → reject)
How to set up an SPF record for your domain (step by step)
Back to all FAQs

Still stuck? Email support