What DMARC does
DMARC extends Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) by providing a policy framework for receiving mail servers. A domain owner publishes a DNS TXT record at _dmarc.<domain> stating what receivers should do with mail that fails DMARC: deliver it normally with no policy action (p=none), quarantine it (p=quarantine), or reject it (p=reject). Crucially, DMARC introduces alignment: a message passes only if SPF or DKIM passes and the domain that passed (the SPF envelope-sender domain or the DKIM d= domain) matches the domain in the visible From header, either exactly (strict mode) or by sharing the same organisational domain (relaxed mode, the default). Without alignment an attacker could pass SPF for an envelope domain they control while spoofing the From address, which is exactly what SPF and DKIM on their own do not prevent. Receivers also send reports to the addresses named in the record: aggregate reports (rua) summarising sending sources and their authentication results, and, from the minority of receivers that support them, failure or 'forensic' reports (ruf) about individual failing messages.
DMARC in Australian tenants today
A common AU rollout strategy begins with a ‘p=none’ policy, allowing organisations to monitor email flow through the aggregate reports and identify unexpected sending sources (often termed ‘shadow senders’). Two weeks is the figure commonly quoted, but a window that short misses monthly or quarterly senders such as billing runs and statements, so keep monitoring until at least one full business cycle of reports has been reviewed and every legitimate source produces aligned SPF or DKIM. Following this, a gradual shift to ‘p=quarantine’ with a low percentage (e.g., ‘pct=25’) is recommended, eventually progressing to ‘p=reject’. Two caveats apply to ‘pct’: it only affects mail that already fails DMARC, and messages outside the sampled share receive the next milder policy (quarantine becomes none, reject becomes quarantine), so ‘p=reject; pct=25’ still quarantines the other 75%; and not every receiver honours ‘pct’ at all. Also check the subdomain policy ‘sp’, which defaults to the value of ‘p’: subdomains that never send mail can be locked down with ‘sp=reject’ while the organisational domain is still at ‘p=none’. This phased approach minimises disruption. The ACSC recommends DMARC with ‘p=reject’ as the end state in its guidance on combating fake emails (DMARC is not one of the Essential Eight mitigation strategies, which do not cover email authentication), and many AU organisations are adopting this staged implementation to meet that expectation.
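As an added example, not code from the original page, the following Python implements the alignment and policy evaluation described above (including how ‘pct’ and ‘sp’ are applied) and triages a constructed aggregate report to surface sources that fail both aligned checks. The domain names, IP addresses, record text, the small public-suffix stand-in list and the report XML are all constructed for illustration and are not real data.

```python
# Added example (not from the original page): DMARC record parsing, identifier
# alignment, policy evaluation with pct sampling, and triage of an aggregate (rua)
# report. Domains, IPs, records and the report below are constructed samples.
import xml.etree.ElementTree as ET

# Stand-in for the Public Suffix List that real validators consult; without it
# "example.com.au" would collapse to "com.au". Assumption: only these suffixes occur.
KNOWN_SUFFIXES = {"com.au", "net.au", "org.au", "gov.au", "edu.au", "co.uk"}


def org_domain(domain):
    """Organisational domain: one label above the public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in KNOWN_SUFFIXES else 2
    return ".".join(labels[-n:])


def parse_dmarc_record(txt):
    """Split a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: " + txt)
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    tags["pct"] = int(tags["pct"])
    return tags


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') is an exact match, relaxed ('r') accepts
    any domain sharing the organisational domain of the RFC5322.From domain."""
    if not auth_domain:
        return False
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate(record, record_domain, msg):
    """Evaluate one message against the record found at record_domain.

    msg keys: from, spf_domain, spf, dkim_domain, dkim (raw results 'pass'/'fail'/'none').
    Returns (dmarc_result, disposition_if_sampled, disposition_if_not_sampled):
    pct% of failing mail gets the published policy, the rest the next milder one.
    """
    spf_ok = msg["spf"] == "pass" and aligned(msg["from"], msg["spf_domain"], record["aspf"])
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["from"], msg["dkim_domain"], record["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none", "none"
    # Record on the From domain itself -> p; record on the org domain for a subdomain -> sp.
    policy = record["p"] if record_domain.lower() == msg["from"].lower() else record["sp"]
    milder = {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]
    return "fail", policy, milder


def triage_aggregate(xml_text):
    """One row per source IP in an aggregate report; flags sources failing both
    aligned SPF and aligned DKIM, the 'shadow senders' p=none is meant to surface."""
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):
        row, pe = rec.find("row"), rec.find("row/policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": pe.findtext("disposition"),
            "header_from": rec.findtext("identifiers/header_from"),
            "unauthenticated": pe.findtext("spf") == "fail" and pe.findtext("dkim") == "fail",
        })
    return rows


# Constructed sample data: a stage-1 and a stage-2 record, and a minimal rua report.
STAGE1_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-rua@example.com.au"
STAGE2_RECORD = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-rua@example.com.au"
SAMPLE_RUA = """<feedback>
 <report_metadata><org_name>receiver.example</org_name><report_id>42</report_id></report_metadata>
 <policy_published><domain>example.com.au</domain><p>none</p><pct>100</pct></policy_published>
 <record><row><source_ip>203.0.113.10</source_ip><count>412</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com.au</header_from></identifiers></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>38</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com.au</header_from></identifiers></record>
</feedback>"""

if __name__ == "__main__":
    rec = parse_dmarc_record(STAGE2_RECORD)
    # Bounce address on a subdomain, DKIM signed by a third party: passes only via relaxed SPF alignment.
    msg = {"from": "example.com.au", "spf_domain": "bounce.example.com.au", "spf": "pass",
           "dkim_domain": "mailer.example.net", "dkim": "pass"}
    print(evaluate(rec, "example.com.au", msg))
    for r in triage_aggregate(SAMPLE_RUA):
        print(r)
```

The second row of the triage output (198.51.100.7, both checks failing, 38 messages) is the kind of entry to chase down before moving past ‘p=none’: it is either a forgotten legitimate sender that needs SPF or DKIM configured, or somebody spoofing the domain.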