Skip to content
DDMARC
The DDMARC Library
Established 2026
A field guide · Email authentication

Email
authentication,
explained.

Vol. 01 · Issue 01
Recommended starting point
Core concept5 min readUpdated April 2026

What is DMARC?

Begin here. Learn how DMARC protects your domain from email spoofing and phishing attacks with policy-based authentication.

Read the essay
I.Section one

Core concepts

The foundational protocols every domain owner should understand — what they do, how they fit together, and where they come up short.

  1. II
    Core concept5 min read

    What is SPF?

    Understand Sender Policy Framework (SPF) and how it authorizes mail servers to send email on behalf of your domain.

  2. III
    Core concept5 min read

    What is DKIM?

    Learn how DomainKeys Identified Mail (DKIM) uses cryptographic signatures to verify email authenticity.

  3. IV
    Core concept5 min read

    DMARC Aggregate Reports Explained

    Understand DMARC aggregate (RUA) reports — what they contain, how to read them, and why they matter for email security.

  4. V
    Core concept5 min read

    DMARC Forensic Reports Explained

    Learn about DMARC forensic (RUF) reports — detailed failure reports that help investigate individual authentication failures.

  5. VI
    Core concept5 min read

    DMARC Alignment Explained

    Understand DMARC alignment — how SPF and DKIM domain alignment determines whether emails pass DMARC checks.

  6. VII
    Core concept5 min read

    What is BIMI?

    Learn how Brand Indicators for Message Identification (BIMI) displays your brand logo in email inboxes.

  7. VIII
    Core concept5 min read

    What is TLS-RPT?

    Understand TLS Reporting (TLS-RPT) and how it monitors the security of email transport encryption.

  8. IX
    Core concept5 min read

    What is ARC?

    Learn how Authenticated Received Chain (ARC) preserves email authentication results across forwarding hops.

  9. X
    Core concept5 min read

    What is MTA-STS?

    Understand MTA Strict Transport Security (MTA-STS) and how it enforces TLS encryption for inbound email.

II.Section two

Comparisons

Side-by-side breakdowns — when each protocol matters, how they differ, and which one you actually need to deploy first.

  1. 01
    Comparison4 min read

    DMARC p=none vs p=reject: Which Policy Should You Use?

    Compare DMARC policy options — understand when to use p=none for monitoring and when to enforce p=reject for protection.

  2. 02
    Comparison4 min read

    SPF vs DKIM: What's the Difference?

    Understand the key differences between SPF and DKIM, and why you need both for complete email authentication.

  3. 03
    Comparison4 min read

    DMARC vs SPF: How They Work Together

    Learn the difference between DMARC and SPF, and why DMARC builds on SPF to provide policy enforcement and reporting.

  4. 04
    Comparison4 min read

    DMARC Aggregate vs Forensic Reports

    Compare DMARC aggregate (RUA) and forensic (RUF) reports — understand what each provides and when to use them.

  5. 05
    Comparison4 min read

    BIMI vs No BIMI: Is It Worth Implementing?

    Evaluate the benefits of implementing BIMI for your domain — brand visibility, trust, and deliverability improvements.

Published by DDMARC · A PlatOps Security imprint
Set in Fraunces & Geist
Revised April 2026