Understanding DMARC

Last updated at:


DMARC is a protocol designed to give domain owners the ability to protect their domain from unauthorized users sending emails, commonly known as email spoofing. In this article, you will learn more about DMARC and how to make your emails DMARC compliant.


DMARC stands for domain-based message authentication, reporting, and conformance. It is a protocol that uses SPF and DKIM to determine the authenticity of an email. DMARC can tell a receiving server how to accept an email from a particular sender (e.g., deliver to the inbox, filter as spam, etc.).

DMARC acts on a message when SPF and DKIM fail. It unifies DKIM and SPF, and tells your server what to do if it receives a suspicious email. Also, it ensures that you receive information about forged emails sent in your name.

The Importance of DMARC

DMARC helps to protect your domain from email spoofing. Phishers use this technique to impersonate a company and obtain login credentials, personal data, or other confidential information from recipients. For example, a malicious sender may use a sender email address like billing@example.com, despite not being related to example.com at all.

That said, a DMARC policy can help protect you from spoofing. You can indicate to inbox providers that your messages are protected by SPF and DKIM and tell them to take actions if either of those authentication methods do not pass. Inbox providers may then place the spoofed emails in the spam folder or block them outright depending on the policy in place. DMARC thus limits your exposure to potentially fraudulent and harmful messages. It also provides a way for inboxes to report back to you about any emails that pass or fail DMARC evaluation.

Learn more about DMARC.

Making Your Klaviyo Emails DMARC Compliant

DMARC only comes into play when the domain incorporating it is used in a sender email address (i.e., from-address). It impacts inbox placement when the sending domain differs from the said from-address domain. This misalignment typically impacts accounts using Klaviyo’s default shared sending domain to send emails that have a from-address domain with a DMARC policy on it. That said, accounts with dedicated sending domains may also be impacted.

In order to be DMARC compliant, your account will need to set up a matching dedicated sending domain. For example, if you send an email using sales@example.com as the from-address, where example.com is protected by DMARC, your account will need to use a dedicated sending domain like send.example.com for all emails sent from Klaviyo to meet DMARC authentication requirements.

Setting Up DMARC

DMARC is not a Klaviyo-specific policy and is a change made outside of Klaviyo. That said, DMARC non-compliance can impact your sending with Klaviyo, as well as with other email service providers.

A DMARC policy can be placed as a TXT record on a domain's DNS control panel. For instructions on how to set up DMARC for your domain, we recommend reading the following resources:

Additional Resources

Was this article helpful?
24 out of 40 found this helpful