DMARC Compliance Requirements
Here are some of the global DMARC compliance requirements:
Microsoft Bulk Sender Requirements
On May 5, 2025, Microsoft began requiring senders delivering over 5,000 daily messages to Outlook.com, Hotmail.com, or Live.com to implement SPF, DKIM, and DMARC. Non-compliant messages are rejected at the SMTP level with the error "550 5.7.515 Access denied, sending domain [SendingDomain] does not meet the required authentication level." A DMARC policy of at least p=none, with alignment under SPF or DKIM, satisfies the requirement.
Google Bulk Sender Requirements
Beginning in 2024, Google required general senders to use SPF or DKIM, and bulk senders (those sending over 5,000 messages per day to Gmail accounts) to fully implement DMARC, SPF, and DKIM, along with additional requirements such as one-click unsubscribe and low spam rates.
Yahoo Bulk Sender Requirements
As of February 2024, Yahoo required bulk senders to implement DMARC, SPF, and DKIM, along with additional requirements and best practices.
Apple (iCloud Mail) Requirements
To send bulk email to iCloud Mail users, SPF, DKIM, and DMARC implementation is expected. Like other major providers, Apple also expects adherence to additional email-sending best practices.
Digital Operational Resilience Act (DORA)
DMARC is not explicitly required under DORA, but it supports DORA's goals by mitigating phishing and spoofing risks, thereby strengthening overall domain security and operational resilience.
PCI DSS v4.0
Although DMARC is not explicitly required in PCI DSS v4.0, it can support compliance with Requirement 5.4.1, which calls for mechanisms to detect and protect against phishing attacks for entities handling cardholder data.
ISO/IEC 27001
ISO/IEC 27001 does not explicitly mandate DMARC, but implementing it supports compliance by strengthening email threat detection and risk management. DMARC enhances visibility and protection against spoofing, aligning with the standard's focus on proactive information security controls.
The High Stakes: Biggest DMARC Compliance Risks
When you fail to meet DMARC compliance requirements, you are likely to face numerous risks, including:
- Increased risk of spoofing, phishing, and impersonation
- Higher chances of regulatory fines stemming from data breaches
- Poor email deliverability and higher bounce rates
- Damage to brand reputation and customer trust
In the context of cyber insurance, implementing DMARC (particularly at enforcement) can demonstrate strong email security practices, which may positively influence premium assessments, eligibility, and claim evaluations for email-related incidents.
Standard Email Protocols: SMTP, POP3 & IMAP Free4 m- What is Email Security? Free4 m
- Email Security Practices Free4 m
- Building an Email Security Compliance Model Free5 m
- Corporate Email Security Checklist Free3 m 30 s
- What is the difference between Inbound email security and outbound email security? Free4 m
- What is Information Security? Free4 m
- Zero Trust Security Model Free3 m
- What is a DNS Lookup? Free4 m
- Understanding the 10 DNS Lookup Limit for SPF Records Free3 m
- SPF Void Lookups Explained Free2 m
- Creating and Optimizing SPF records for your own domain Free4 m
Video Free2 m- What is SPF Permerror and How to Fix It Free7 m
- Video Free2 m
- SPF Flattening Free5 m
- SPF Macros Free9 m
- Video Free2 m
- What is SPF Alignment? Free3 m
- How to Set Up Microsoft Office 365 SPF record? Free4 m
- How to Set Up Google Workspace SPF Record? Free2 m
- How to Set Up MailChimp SPF Record? Free3 m
- How to Set Up SendGrid SPF Record? Free2 m
- How to Set Up Salesforce SPF Record? Free3 m
- How to Setup Zoho Mail SPF Record? Free2 m
- What is DKIM Alignment? Free3 m
- DKIM Domain Alignment Failures Free6 m
- How to Set Up DKIM for Microsoft Office 365? Free4 m
- How to Set Up DKIM for Google Workspace? Free3 m
- How to Set Up DKIM for MailChimp? Free4 m
- How to Set Up DKIM for SendGrid? Free3 m
- How to Set Up DKIM for Salesforce? Free3 m
- How to Set Up DKIM for Zoho Mail? Free3 m
- DMARC RFC 9989, 9990 and 9991 Free5 m
- What is DMARC Compliance? Free2 m
- DMARC Compliance Requirements Free2 m
- The Benefits of DMARC Free2 m
- DMARC Configuring Free3 m
- Achieving DMARC Enforcement Free2 m
- DMARC Vs Antispam Solutions Free2 m
- DMARC Identifier Alignment Free2 m
- DMARC sp Tag Exceptions & Uses Free1 m
- Configuring DMARC without DKIM Free3 m
- Configuring DMARC without SPF Free2 m
- DMARC Aggregate Report Views Free3 m
- Video - PowerDMARC Aggregate Reports Free2 m 13 s
- DMARC Forensic Report Views Free2 m
- Video - PowerDMARC Forensic Reports Free0 s
- DMARC Forensic PGP Encryption and Decryption Free2 m
- TLS Report Views Free3 m
- Video - PowerDMARC TLS Reports Free0 s
- PDF/CSV Reports Free2 m
- Video - PowerDMARC PDF/CSV Reports Free1 m 1 s