DMARC is evolving — here’s why DMARCbis matters
Email remains one of the easiest ways for attackers to impersonate a trusted brand. As organisations grow and domain environments become more complex, DMARC (Domain-based Message Authentication, Reporting, and Conformance) programmes also become harder to manage.
That’s exactly why DMARCbis exists. The new revision focuses on removing ambiguity, simplifying how policies work, and standardising formats and reporting intervals so email authentication becomes clearer and more reliable.
In short, this is the most significant update to DMARC since the original specification — and it’s designed to better reflect how modern organisations actually use email.
What is DMARCbis?
DMARCbis is a revision of DMARC that is set to be released as an IETF Proposed Standard, built on more than a decade of real-world deployment lessons.
Crucially, it maintains backward compatibility and still uses v=DMARC1. That means organisations don’t need to rush into record changes just to stay compliant.
Key updates in DMARCbis
Smarter boundary detection with DNS Tree Walk
One of the biggest changes is the move away from reliance on the Public Suffix List (PSL). Instead, DMARCbis introduces a DNS Tree Walk algorithm to determine organisational domain boundaries more reliably.
The result: fewer inconsistencies and a much more DNS-native way of identifying which domains belong together.
New tags for clearer policy control
DMARCbis introduces several new tags designed to improve clarity and control:
- psd — explicitly marks public suffix domains
- np — sets policy for non-existent subdomains
- t — a clearer “testing mode” indicator
Legacy tags removed
Several tags were deprecated because they caused inconsistency. DMARCbis simplifies this by removing pct, rf, and ri, while also standardising reporting formats to make implementation much clearer.
Clearer separation of specifications
The updated specification has been split into separate drafts covering:
- Core protocol
- Aggregate reporting
- Failure reporting
This makes the standard easier to understand, implement, and maintain.
What this means for channel partners
DMARCbis isn’t just a technical update. It reflects years of real-world deployment challenges — and it creates a strong opportunity for partners to re-engage customers with meaningful conversations.
The partner opportunity
DMARCbis creates a natural reason to restart three high-value discussions:
- “Are we confident which domain DMARC treats as our organisational domain?”
Complex domain structures are where the biggest risks sit, and DMARCbis pushes the industry toward more explicit boundary signalling. - “Do we have a plan for non-existent subdomain spoofing?”
The new np tag helps close one of the most common impersonation entry points. - “What should we do before DMARCbis becomes final?”
DMARCbis timeline — and what to do now
Sendmarc notes that the main DMARCbis and aggregate reporting documents were approved by the IESG in 2025. However, final publication still depends on completing the failure reporting document, so an official release date hasn’t been confirmed yet.
“DMARCbis is still being finalised, but you don’t need to wait to reduce risk. Focus on getting full visibility across your sending sources and tightening enforcement — that way, adopting DMARCbis later is low-friction.”
Ready to learn more?
Want to see how this affects your customers — and how to position it commercially?
