Domain-based Message Authentication, Reporting & Conformance (DMARC)

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as email messages with forged sender addresses that appear to originate from legitimate organizations. It provides a way to authenticate email messages for specific domains, send feedback to senders, and conform to a published policy.

DMARC fits into the inbound email authentication process of Trend Micro Email Security. The way it works, is to help email recipients to determine if the purported message aligns with what the recipient knows about the sender. If not, DMARC provides guidance on how to handle the non-aligned messages. DMARC requires either of the following:

  • A message passes the SPF check, and its identifier domain is in alignment.

  • A message passes the DKIM signature check, and its identifier domain is in alignment.

    Identifier alignment requires the domain authenticated by SPF or DKIM to be the same as or the parent domain of the message header domain.

By adding DMARC settings, Trend Micro Email Security allows you to specify actions to take on messages and add enforced peers to make sure email messages from certain sender domains always pass DMARC authentication.


If an email message passes the Sender IP Match check, Trend Micro Email Security skips its own SPF check as well as the SPF check of DMARC authentication for this message.