A DMARC record is a DNS TXT record that can be published for a domain to control what happens if a message fails authentication, meaning the recipient server cant verify that the messages sender is who they say they are. DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. A DMARC record is essentially made up of a specified Host/Name and tag-value pairs. Tag-value pairs are paired to tell the receiving mail server what actions to take. A DMARC record specifies what the recipient of an email should do with mail that fails authentication. The record defines how strictly DMARC should check, what to do with messages that don’t pass authentication, and the percentage of unauthenticated messages that are subject to the DMARC policy. Once published, a DMARC record is used by receiving mail servers to determine what to do with a failed message. DMARC records are stored in the Domain Name System (DNS) as DNS TXT records.