Comment by brightball
3 hours ago
DMARC isn't for sending email successfully, it's for preventing other people from impersonating your domain. Without it, there's nothing stopping anybody from sending an email saying it is from you@qurren.com. SPF tried. DKIM tried. Both of them had gaps.
When you use them together and have a DMARC policy that requires one of them or the other for successful delivery, it's the best current solution.
Except I think I've had 1:1 personal e-mails from my domain go into a legitimate recipient's spam filter just because I didn't have DMARC set up and their mail server was flagging that "DMARC not set up == spammy domain"
Too many admins just had it set to “no valid DMARC? Spam” instead of the more proper “failed DMARC? spam”.
Which is subtly different.
That is perfectly reasonable. Set it up correctly.
It is so much easier to set these things up with a frontier AI to walk you through the Byzantine steps.