Email authentication
Delegate to Marc.
From p=none to p=reject — without breaking a single legitimate email.
Marc is your DMARC copilot. He finds every sender, writes the exact DNS, and tells you the moment it's safe to enforce.
The policy that decides
Aligns SPF and DKIM with the visible From: domain, tells receivers what to do with unauthenticated mail, and sends back reports.
Learn more →SPFWho is allowed to send
Publishes in DNS the list of servers allowed to send for your domain. Checked against the envelope (Return-Path).
Learn more →DKIMThe signature that proves
Signs each message with a private key; the receiver verifies the signature via the public key published in your DNS.
Learn more →Why it matters
Without authentication, anyone can write From: you@your-domain.com. That is the playground of phishing and brand impersonation. SPF and DKIM provide the technical proof; DMARC ties them to the domain the user actually sees and forces a decision.
The right rollout order: publish SPF and DKIM, observe at p=none through aggregate reports, fix your legitimate sources, then tighten to quarantine and finally reject.