Not sure which domains must have a DMARC record.


DMARC records can be placed on the organisational domain as well as on subdomains. A subdomain that has no DMARC record inherits its DMARC record from the organisational domain. It is recommended to place a DMARC record on every organisational domain.

The correct answer is in RFC7489 Section 3.1:

DMARC authenticates use of the RFC5322.From domain by requiring that
it match (be aligned with) an Authenticated Identifier. The
RFC5322.From domain was selected as the central identity of the DMARC
mechanism because it is a required message header field and therefore
guaranteed to be present in compliant messages, and most Mail User
Agents (MUAs) represent the RFC5322.From field as the originator of
the message and render some or all of this header field's content to
end users.

RFC7489 Section 2.2 also lists the following as "out of scope":

  • evaluation of anything other than RFC5322.From;


From-address naming table

| Postal Letter | Email Part | Precise Term | Loose phrasing |
|---|---|---|---|
| Sender on envelope | Message Envelope | RFC5321.MailFrom | Bounce address (Returnpath) |
| Addressee on envelope | Message Envelope | RFC5321.RcptTo | Recipient |
| Sender on letter | Message Header | RFC5322.From | Sender address |
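
The following added example (not part of the original page or of the RFC) shows which DNS name a receiver ends up querying for a message: it takes the RFC5322.From domain, tries `_dmarc.` on that exact domain, and falls back to the organisational domain, following RFC7489's policy discovery. The function names, the tiny `PUBLIC_SUFFIXES` set, the `DNS_TXT` table and the sample message are constructed assumptions standing in for the real Public Suffix List and live DNS.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption; real code
# would load the full list to find the organisational domain).
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}

# Constructed stand-in for DNS TXT answers.
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject",
    "_dmarc.news.example.com": "v=DMARC1; p=none",
}

# Constructed sample: envelope sender and header From use different domains.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.org>\n"
    "From: Billing <billing@invoices.example.com>\n"
    "To: user@example.net\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def organisational_domain(domain):
    """Longest matching public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()

def dmarc_lookup(raw_message):
    """Return (from_domain, queried_name, record) for a raw message."""
    msg = message_from_string(raw_message)
    # Only the header From (RFC5322.From) selects the domain; Return-Path
    # (RFC5321.MailFrom) is never consulted for the DMARC lookup.
    _, addr = parseaddr(msg["From"] or "")
    from_domain = addr.rpartition("@")[2].lower()
    candidates = [from_domain]
    org = organisational_domain(from_domain)
    if org != from_domain:
        candidates.append(org)  # subdomain inherits from the organisational domain
    for name in candidates:
        qname = "_dmarc." + name
        if qname in DNS_TXT:
            return from_domain, qname, DNS_TXT[qname]
    return from_domain, None, None
```

For the sample message, `invoices.example.com` has no record of its own, so the policy comes from `_dmarc.example.com`; the `example.org` bounce domain is never looked up.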