Home / Tools / Implement DMARC policy to prevent email spoofing
Email Deliverability · Scan Check Guide

Implement DMARC policy to prevent email spoofing

30 min Impact: high Effort: medium ✓ Scan-verified — no manual checkbox

DMARC tells receiving mail servers what to do when an email claiming to be from your domain FAILS SPF or DKIM checks — without it, even with SPF and DKIM correctly set up, there's no enforcement, and spoofed email can still land in recipients' inboxes.

DMARC tells mail servers what to do when SPF or DKIM fails. Without it, your domain is completely unprotected against email spoofing. Gmail and Yahoo now require DMARC — without it your emails may be rejected entirely.

How to fix it

  1. 1
    Confirm SPF and DKIM are already set up
    DMARC builds on top of both — it needs at least one of them correctly configured to function meaningfully.
  2. 2
    Start in monitor mode
    v=DMARC1; p=none; rua=mailto:[email protected] — this collects reports without blocking anything, so you can see what's happening before enforcing.
  3. 3
    Review reports for a few weeks
    DMARC reports show you every source sending email as your domain — confirm everything showing up is actually legitimate.
  4. 4
    Move to enforcement
    Once confident, tighten to p=quarantine (suspicious mail goes to spam) and eventually p=reject (blocked outright) as your confidence grows.

Common mistakes

How you'll know it's done

A DMARC record exists, reports are being reviewed, and policy has progressed from monitor-only toward enforcement.

Tools that help

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →