A DMARC record is a DNS TXT record for a subdomain named _dmarc on any senderdomain.
DMARC records can be placed on the organisational domain as well as on subdomains. A subdomain that has no DMARC record inherits its DMARC record from the organisational domain. It is recommended to place a DMARC record on every organisational domain.
The main purpose for DMARC is to set a policy (p). This policy contains the action that should take place when unauthenticated mail from this domain is received (and in no other case). The options are: Only by using the reject policy can a domain be fully protected.
Only by using the reject policy can a domain be fully protected.
A secondary functionality of DMARC enables ISPs to send reports about the authentication success or failure for a domain. Those reports are sent to the addresses defined in two switches: