The DMARC Compliance score is the percentage of email by volume sent from your sending domains that authenticates with SPF and/or DKIM and aligns domains with the visible From address. To be fully DMARC compliant, all authenticated email should align to the sending domain.
This means that for SPF, the return-path domain matches the visible From address domain, and for DKIM, the DKIM signing domain (d=) also matches the visible From address domain.
- DMARC compliant mail is mail that both authenticates and aligns for either SPF or DKIM, or was forwarded with an ARC chain present.
- Non-compliant mail has failed both DKIM and SPF alignment, or has authenticated on a non-aligned domain.
- Your mail does not have to authenticate and align for both SPF and DKIM; just one is sufficient. However, SPF has to both authenticate and align, or DKIM has to both authenticate and align.
The DMARC compliance thresholds for Everest are:
- Excellent: 90 - 100% compliance
- Good: 80 - 90% compliance
- Moderate: 70 - 80% compliance
- Poor: < 70% compliance
The DMARC Compliance score is tracked in a simple trend chart within the Everest Infrastructure section. Hover over each day on the bar graph for a breakdown of compliance metrics for that day.