What is DMARC and why did it break my email?

Learn more about technical email deliverability issues and how to fix them.

The most common issue we helped ecommerce brands fix in 2025 is troubleshooting email deliverability. Gone are the simpler and kinder days of creating fun graphics and sending out broadcast blasts to full lists of strangers who may or may not have given you legal permission to message them. There is now a rigorous and extremely technical framework for managing domain reputation and sending requirements. There are 3 technical components to navigate and we're here to help demystify this complex issue and get you back to choosing which of the 12 email-safe fonts you want to be your fallback.

What does DMARC do?

DMARC stands for "Domain-based Message Authentication, Reporting & Conformance". In less technical language, DMARC is a set of rules that verifies who is sending email messages and what to do when they look suspicious. When DMARC is configured correctly, it protects your domain from fraud, enhances deliverability to your customers, and establishes trust between your domain and mailbox providers like Google and Appel. Because DMARC is a technical framework, it has very specific requirements that must be met in order to validate each message and each sender, which also means that the slightest error, misspelling, or tweak can have major repercussions.

What's the difference between DMARC and DKIM?

DMARC is one piece of a 3-policy structure:

  1. SPF, or Sender Policy Framework, is a domain based record that verifies that a message is being sent from, or on behalf of, the domain that is listed as the sender. Essentially, SPF is a check mark that says an email is authentic. When a message fails SPF, DMARC governs how that message should be treated. In other mail terms, SPF represents the address of the sender.
  2. DKIM, which stands for DomainKeys Identified Mail), acts as a signature from the sender, maintaining proof of identity, even when the message is forwarded past the original recipient. You can think of DKIM as who signed the letter.
  3. DMARC manages what happens when a message fails any of the above, as well as adding a fraud check overall. In our analogy of postal services, DMARC is the Post Office, checking for fraud, handling issues or unknown addresses, and helping ensure that good messages get delivered to their recipients.

Each of these are critical to domain reputation and work together to validate domains, verify senders, and maintain trust in the overall system.

This error message shows up in inboxes when SPF isn't valid

Do you really need DMARC?

Yes.

If your domain does not have any of the records mentioned, or if any of them are malformed, it will prevent messages from being delivered and, over time, erode your domain's reputation. In short, if any of these are not perfect, you can assume that none of your emails will ever make it to your intended audience.

Because digital brands often have multiple technical providers, it is very easy to fail or break this structure.

What are some common issues with SPF/DKIM/DMARC?

  • Missing records. Within this 3-piece structure, any missing component will immediately mark your message as suspicious and potentially harmful. Depending on which pieces are missing, your message might be flagged as harmful in the receiver's inbox or prevented from being delivered altogether.
  • Multiple records. Depending on the technical partners you might be using, it can be easy to accidentally duplicate a record that should be combined. This can also create confusion within your domain settings. Going back to our postal service analogy, it's suspicious to send a letter from multiple addresses.
  • Malformed records. Because these are all technical records at the domain level, a missing period, incorrect character, or extra semicolon will invalidate your sending domain. These can also be tricky to identify.
  • Policies. A key component of the DMARC policy can be changed to handle messages differently. At the domain level, you can tell inboxes to ignore, flag, or block messages that don't meet the other standards. Each of these has its own restrictions and should be considered carefully before implementing.
Google uses domain records to help report suspicious or harmful messages.

How do I fix DMARC?

If you think you have an issue with email deliverability, the first thing you can check is your DMARC records. There are many tools for this but we tend to use a free tool to check for issues: https://mxtoolbox.com/dmarc.aspx

Please remember that this is only a diagnostic tool and not designed to fix any issues for you.

If you don't want to do this alone, you can contact us. Effigy Agency has helped dozens of clients with this exact issue.