A DMARC record is a DNS TXT record that can be published for a domain to control what happens if a message fails authentication, meaning the recipient server cant verify that the messages sender is who they say they are. DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. The record specifies how strictly DMARC should check, what to do with messages that don’t pass authentication, and the percent of unauthenticated messages that are subject to the DMARC policy. DMARC records are essentially made up of a specified Host/Name and tag-value pairs, where a tag is paired with a value to tell the receiving mail server what actions to take. Once published, a DMARC record is used by receiving mail servers to determine what to do with a failed message, such as rejecting, quarantining, or doing nothing with a suspicious email. DMARC reports sent to the domain owner have details about messages that SPF and DKIM can’t authenticate. To create a DMARC record, one needs to use the DMARC tag-value syntax and add it to the DNS as a TXT record.