Learn about all of the email sources used by your company. Determine unauthorized sources that send email that appears to be from your organization. Determine which messages sent by your company pass or fail authentication checks (SPF or DKIM, or both).

When SPF or DKIM checks the message, DMARC passes or fails it based on whether the message’s From: header matches the sending domain. This is known as alignment. So, before configuring DMARC for your domain, you should enable SPF and DKIM.

When receiving mail servers receive a message that appears to be from your organization but fails authentication checks or does not meet the authentication requirements in your DMARC policy record, DMARC instructs them on what to do. Unauthenticated messages could be impersonating your organization or coming from unauthorized servers.

DMARC not only provides full visibility into email channels, but it also highlights phishing attacks.
DMARC is more powerful and is capable of mitigating the impact of phishing and malware attacks, preventing spoofing, protecting against brand abuse, scams and avoiding business email compromise.