How to fix DMARC Policy Bounces?
What is a “DMARC Policy” bounce?
A “DMARC Policy” bounce means that the sending domain (Your or your client’s domain) has made a rule that any messages sent on their behalf must use DKIM and/or a custom Return-Path (SPF) for the messages to be sent. This is a rule the domain’s IT/mail admins have put in place to protect the domain's sending reputation, as it means that the domain must grant every service using their domain permission to send from it.
Put simply, the sending domain is asking receivers i.e Google, Hotmail, Yahoo, etc to only accept messages from it if they pass DKIM and/or SPF (Return-path) alignment. You tell them that through your DMARC record that you have in your DNS.
Here is what this bounce looks like:
And what is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that allows you to set policies on who can send emails for your domain based on DKIM and SPF alignment. In combination with SPF and DKIM, a DMARC policy in DNS allows a sending domain to set rules for receiving mail servers to reject or quarantine (junk folder) emails from your domain sent through sources you do not know. Through support from ISPs (Gmail, Yahoo, Microsoft, and more) DMARC also allows you to receive reports on sending activity for your domain.
How do I fix “DMARC Policy” bounces?
The good news here is this is your domain (or your client’s domain), so you’re in control and can fix this by updating your DNS records to pass DMARC alignment by passing DKIM and/or SPF alignment, here is how you Pass DKIM and/or SPF(Return-path):
- To pass DKIM authentication, you need to verify your domain.
- To pass SPF authentication, you need to add a custom return path.
With this, messages sent through Postmark will pass DKIM & SPF alignment and hence pass DMARC alignment and you’ll no longer see this bounce 👍🏻 ✨ ✨
Learn more about DMARC from this guide we’ve put together, you’ll find great insights there on how to best use DMARC to monitor and protect your domain’s sending reputation.
We also have our own DMARC monitoring tool to help you monitor and fix authentication issues that prevent your email from reaching the inbox and see who’s sending using your domains.