DMARC

DMARC is a DNS-published mail posture signal that can describe how receiving mail systems should handle email that fails domain authentication checks.

DMARC postureMail postureObserved over time

Observed evidence

Observed by .auDO

These fields describe the public evidence .auDO records for this signal where available.

dmarc_presentdmarc_recordsdns_raw.dmarc_recordsdns_raw.dmarc_presenttxt_records

Interpretation

How to read this signal

This signal is useful as public evidence of visible posture or change, not as a conclusion on its own.

Why it matters

DMARC presence and policy can help contextualise visible mail posture when interpreted with MX records, SPF, TXT evidence and inferred email provider.

What change may indicate

DMARC changes may reflect policy tuning, rollout, provider migration, DNS changes, administrative cleanup or accidental removal.

Limits

What it cannot tell us

DMARC presence does not prove complete protection. DMARC absence does not prove negligence, compromise, intent, risk or whether a domain is otherwise safe.

Observations are descriptive records, not risk scores, allegations or evidence of compromise.

Observed patterns

Common observations

DMARC presence change

Report surface

Where it appears

This signal can appear in daily reports, the observation panel, methodology notes, derived report artefacts and preserved raw snapshot evidence when the relevant fields are present.

Nearby signals

SPF MX records Email provider TXT records

Use alongside

Explore this signal in context

DMARC is most useful when read alongside related mail posture signals, email provider context, dated reports and the plain-language DMARC explainer.

Why DMARC matters DMARC state Email provider state Observed cohorts Reports Methodology