DMARC is now an IETF Proposed Standard: what's new in RFCs 9989–9991
The DMARC protocol has been updated and is now an IETF Proposed Standard as of May 2026. This update includes significant changes aimed at improving email security and addressing limitations of the original protocol. The new specification is published as three separate RFCs, which provide clearer guidelines and better support for domain owners.
- ▪DMARC is now published as RFC 9989, RFC 9990, and RFC 9991, replacing the previous RFC 7489 from 2015.
- ▪The updated specification includes a restructuring for better readability and practical guidance.
- ▪New tags have been added to the DMARC policy record, while some existing tags have been removed.
Opening excerpt (first ~120 words) tap to expand
← Blog Last updated May 20, 2026 DMARC is now an IETF Proposed Standard: what's new in RFCs 9989–9991 Matteo 18 min. read The DMARC protocol (Domain-based Message Authentication, Reporting, and Conformance) was updated in May 2026 and is now an IETF Proposed Standard. It is published as RFC 9989, RFC 9990, RFC 9991, replacing the Informational RFC 7489 from 2015. While the new DMARC isn’t a revolution, it contains some important changes. This article aims to be a comprehensive list of the most relevant changes in the new RFCs. Introduction DMARC is an email security protocol that helps protect your domain from being impersonated by scammers and phishers, an attack known as spoofing. DMARC builds upon two other foundational protocols of email, SPF and DKIM.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DMARCwise.
Discussion
0 commentsMore from DMARCwise
