DMARCbis Explained: The New DMARC Update and How to Prepare
May 15, 2025 | 3 min read
The DMARC protocol (Domain-based Message Authentication, Reporting, and Conformance), first published in 2015 as RFC 7489, is about to change.
DMARCbis, informally referred to as DMARC 2.0, is the upcoming revision of the DMARC email authentication protocol. Developed by the IETF and expected to become a Proposed Standard in 2025, DMARCbis resolves long-standing ambiguities in the original specification, introduces a more reliable method for domain evaluation, and streamlines tag usage. Existing DMARC setups will remain valid, but organizations are encouraged to review their configurations to align with these improvements and take advantage of enhanced security and interoperability.
What is DMARCbis?
DMARCbis is the next evolution of the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol. Unlike its predecessor (RFC 7489), which was published as an informational document, DMARCbis is set to be adopted as a formal standard. This reflects the protocol’s growing importance and widespread deployment across the global email ecosystem.
The core principles remain intact: domain owners can authenticate their email sources, prevent spoofing, and gain visibility into how their domains are used. However, the update focuses on making the protocol easier to implement, more accurate in domain alignment, and clearer in its guidance.
Key Enhancements in DMARCbis
Replaces PSL with DNS Tree Walk
The new Tree Walk algorithm replaces reliance on the Public Suffix List (PSL) to determine the organizational domain. Instead, the DNS hierarchy is used directly, allowing for more accurate alignment and native support for policy inheritance. The lookup is limited to eight levels, and domain boundaries are defined using new tags like psd.
Simplified Tag Structure
To reduce confusion and implementation complexity, several tags are being replaced including the following:
| Deprecated Tags | New Tags |
|---|---|
pct – Partial enforcement | psd – Marks public suffix domains explicitly |
rf – Report format | np – Defines policies for non-existent subdomains |
ri – Report interval | t – Signals testing status (advisory only) |
Improved Specification & Clarity
The DMARCbis specification has been restructured with more consistent formatting, clearer definitions, and better examples. A new section also outlines what constitutes “full DMARC participation,” giving domain owners and receivers a shared standard for compliance.
Backward Compatibility
The v=DMARC1 tag remains unchanged to preserve compatibility. Existing, correctly configured DMARC records will continue to function as-is, but organizations are encouraged to review and adjust them to align with the updated guidance.
Why This Matters
Though DMARCbis is evolutionary rather than disruptive, it brings meaningful improvements in security, operational clarity, and domain management. By refining domain alignment, improving policy inheritance, and offering better guidance, DMARCbis makes it easier to implement and manage robust email authentication at scale.
For organizations already using DMARC, the transition should be straightforward. However, understanding and preparing for the changes now will ensure a smoother upgrade later – and avoid issues with deprecated tags or misconfigured subdomains.
What Should You Do Now?
Here’s how your organization can prepare:
- Audit your DMARC records: Remove deprecated tags and ensure your organizational domain has a valid policy.
- Evaluate your domain structure: Understand how Tree Walk may change domain alignment across subdomains.
- Familiarize with new tags: Consider using
psd,np, andtwhere applicable. - Update your team: Ensure security and IT staff are aware of the upcoming changes.
- Monitor for updates: Final publication is expected in 2025 – stay informed as the draft progresses.
How Skysnag Can Help
Skysnag’s all-in-one real-time email authentication platform is purpose-built to support your email authentication journey, especially during transitions like this one. With Skysnag, you gain:
- Centralized visibility into all email sources
- Automated setup and management for DMARC, SPF, DKIM, MTA-STS, and TLS-RPT
- Guidance on adopting DMARCbis-compliant configurations
- Expert support from a team that has tracked DMARCbis since its inception
Whether you’re maintaining compliance, increasing protection, or implementing DMARC for the first time, Skysnag can simplify the process.
Ready to simplify DMARC and secure your organization? Get in touch with Skysnag for a complimentary personalized consultation or sign up to our platform for free today.
