How Does Palisade Handle DMARC for Inbound Emails?

What is DMARC and why does it matter for inbound emails?

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers how to handle messages that fail SPF or DKIM checks. When a domain’s DMARC policy is set to Reject, legitimate spoofed emails should be bounced, protecting users from phishing.

How does Palisade handle inbound emails when DMARC is set to Reject?

By default, Palisade logs DMARC failures but still delivers the message, tagging it as fraudulent. Enabling the anti‑spoofing feature forces Palisade to honor the domain’s Reject policy and bounce non‑compliant emails.

How can I enable the anti‑spoofing feature in Palisade?

Go to Palisade Dashboard → Add your domain → Configure DMARC and this is how you Enable Anti‑Spoofing Policies.

What anti‑spoofing policies can I configure?

After enabling the feature, navigate to Palisade Dashboard → Add your domain → Configure DMARC. You’ll find different actions from our AI Agents about how to configure Anti-Spoofing.

How should I configure the Inbound DMARC policy?

Choose Allow the sending domain’s DMARC policy to determine whether or not to block messages. This lets Palisade follow the sender’s DMARC rule for each email.

What happens if I ignore the sender’s DMARC policy?

Emails that fail DMARC are still delivered, but the result is logged in the message header and audit logs for later review.

How does the Inbound SPF policy work?

If DMARC is ignored, Palisade falls back to SPF evaluation. Outcomes include Failure (possible spoofing), Temporary Error (DNS timeout), and Permanent Error (malformed SPF record).

What are the possible results of the Inbound DKIM policy?

Similar to SPF, DKIM evaluation returns Failure (invalid signature), Temporary Error (DNS issue), and Permanent Error (malformed DKIM key).

How can I decide whether to quarantine or deliver suspicious emails?

For each policy (DMARC, SPF, DKIM) you can select Quarantine to stop delivery, Take no action to allow delivery, or Tag subject line to prepend a warning while still delivering.

Can I set exceptions for specific domains?

Yes. Palisade lets you create an exception list for each anti‑spoofing policy, so trusted partners aren’t blocked even if they fail DMARC.

Where can I check my domain’s DMARC status?

Use Palisade’s Email Security Score to view your DMARC, SPF, and DKIM configurations in one place.

How do I test my SPF record?

Run a quick SPF lookup with Palisade’s SPF tool to ensure it’s correctly published.

How do I validate my DKIM signatures?

Use Palisade’s DKIM checker to verify keys and signatures.

What is BIMI and how does it relate to DMARC?

BIMI (Brand Indicators for Message Identification) displays your logo in supporting inboxes, but only when DMARC is set to Quarantine or Reject. Set up BIMI with Palisade’s BIMI tool.

Quick Takeaways

Additional FAQs

Does Palisade automatically block all spoofed emails?

No. Spoofed emails are only blocked when the Anti‑Spoofing feature is enabled and the policy is set to Quarantine or Reject.

Can I see a log of DMARC failures?

Yes. Palisade records every DMARC evaluation result in the message header and audit logs, viewable in the admin console.

What if my SPF record is missing?

Palisade will treat the SPF check as a failure, which you can then quarantine or tag based on your policy.

Is BIMI required for DMARC enforcement?

BIMI is optional, but it only displays when DMARC is set to Quarantine or Reject, reinforcing brand trust.

How often should I review my anti‑spoofing settings?

Regularly—at least quarterly—or after any major DNS or email infrastructure changes.