> ## Documentation Index
> Fetch the complete documentation index at: https://jetemail.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# DMARC

> Required DMARC configuration for JetEmail domains

Domain spoofing is a serious threat to email integrity. Attackers impersonate a domain they don't own to send phishing emails or distribute malware. Three authentication standards work together on the open internet to stop this: DKIM, SPF, and DMARC.

JetEmail requires every sending domain to have a DMARC record. The **minimum** policy that satisfies this requirement is `p=none`, which monitors authentication results without acting on failures. If no DMARC record is detected for a domain, JetEmail will reject any attempts to send email from that domain.

<Warning>
  **`p=none` is the floor, not the goal.** It satisfies our minimum requirement and is fine for a few days while you watch DMARC reports come in, but it provides **no protection against spoofing**. Receivers will deliver fraudulent mail that fails authentication just as readily as legitimate mail. As soon as your reports show all legitimate sources passing, move to `p=quarantine` and then `p=reject`.
</Warning>

### Required DMARC record

Name: `_dmarc.domain.com`
TTL: `14400`
Value:

```
v=DMARC1; p=none
```

This is the minimum that passes our check. A stricter policy also passes, and is what you should aim for once your authentication is clean:

```
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com
```

```
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com
```

Add `rua=mailto:...` (aggregate report address) so you receive daily reports from major mailbox providers. Use those reports to confirm all of your legitimate senders pass SPF or DKIM alignment before tightening the policy.