🚧 DRAFT — work in progress. Nothing here is final; content and features are still being built.
Shipshape

WTF Series

WTF is DMARCbis?

The long-overdue upgrade to the DMARC spec that most email senders have never heard of.

The real explanation

DMARC has been running on an experimental RFC (7489) since 2015. Not a typo. The protocol that protects your domain from spoofing has technically been labeled "experimental" for over a decade. DMARCbis is the standards-track rewrite that finally promotes DMARC to a full Internet Standard.

The big changes? The Public Suffix List (PSL) dependency gets reworked so organizational domains are handled more predictably. There's a new "tree walk" mechanism for discovering DMARC policies up the domain hierarchy. Aggregate reporting gets tightened up with clearer requirements for what reporters must include. And the spec cleans up years of ambiguity around how receivers should handle edge cases.

If you're a regular email sender, DMARCbis probably won't change your day-to-day setup. Your p=reject still works. But if you manage DMARC for a large organization with lots of subdomains, the tree walk changes matter. And if you're an ESP or mailbox provider, the reporting updates are significant.

Show me an example

Say you own bigcompany.com and you've set a DMARC policy on that domain. Under the current spec, a subdomain like promo.bigcompany.com might or might not inherit your policy depending on how the receiver interprets the PSL. With DMARCbis, the tree walk makes this explicit: the receiver checks promo.bigcompany.com first, then walks up to bigcompany.com, following a defined path. No guessing.

Who handles this?

Sigilthe Signaler

Sigil covers authentication (spf/dkim/dmarc/bimi).

Go deeper

Read more in the Email Almanac: DMARCbis in the Almanac

Related entries

Share this
© 2026Review My Emails. Confidential & proprietary — unreleased draft. Unauthorized copying, reproduction, or distribution of this site or its contents is prohibited. All rights reserved.