What is DMARC?
DMARC is an email authentication protocol that builds on SPF and DKIM. It tells receivers what to do when authentication fails and where to send reports.
What do the policies mean?
"none" monitors without action. "quarantine" sends failures to spam. "reject" blocks failures entirely. Start with "none" and progress to "reject".
What are rua and ruf?
rua (aggregate reports) provides daily summaries of authentication results. ruf (forensic reports) sends details of individual failures.
Does DMARC require SPF and DKIM?
DMARC requires at least one of SPF or DKIM to pass with alignment. Having both provides better protection.
What is alignment?
Alignment means the domain in the From header matches the domain authenticated by SPF or DKIM. DMARC can require strict (exact) or relaxed (includes subdomains) alignment.
How long to reach p=reject?
Start with p=none to collect reports, analyze for issues, then progress through quarantine to reject. Typically 4-8 weeks with proper monitoring.