When does DMARC cause a message rejection?

When a DMARC policy is set to have policy p=reject : what is the exact scenario under which the DMARC-aware receiving server actually does reject the message?
1. DKIM and SPF fails
2. Only DKIM fails
3. Only SPF fails


In brief, the answer is 1. Both must fail for rejection.

More completely:
if *either* DKIM or SPF pass and are correctly aligned, then the DMARC policy is a 'pass', the p=reject will not be in force.
On the flip side, if either fail, then Agari gets details reported to us if your DMARC reporting addresses point to us and the receiving service supports the standard.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk