(This article is aimed at people who know about DNS).

When you ask them to, email providers who receive your mailshots send you email information about email security: a DMARC report. You can now direct such DMARC reports to Cameo.

Administrators (only) can then find them, as attachments, at the end of profile → incoming email. They are presented as the XML file provided, but unpacked from the zip file in the email attachment.

Google will require DMARC to be active for senders of bulk email from February 2024.


A DMARC entry in your domain’s DNS lets you control what happens when email security features (SPF and DKIM) detect potential forgery. For example, someone is sending email purporting to be from you (a common spammer’s ploy).

SPF says which mail servers are allowed to send email on your behalf. DKIM cryptographically signs the email so recipients can tell if it has been tampered with, and that you are the legitimate sender.

An example of a suitable DMARC entry is shown to administrators in profile → incoming email. That will direct reports (for all email sent from your domain) to your copy of Cameo. If that is at cameo.example.com, then the email address where reports are sent will be dmarc@to.cameo.example.com.

DMARC reports are in XML format. They aren’t easy to read; but that is what is provided. Reports are discarded after three months.

At present, it isn’t a good idea to set your DMARC policy to anything other than none. That’s because plenty of email is forwarded (including by mailing list software). Most email forwarding is done naïvely causing the final recipient to fail SPF and/or DKIM. If you set your DMARC policy to quarantine or reject, then your recipients who forward the email will most likely not see it.