DMARCbis Is Coming: What Security Teams Should Know Now

March 25, 2026

In a recent Sendmarc fireside chat, Todd Herr, Principal Solutions Architect at GreenArrow Email and co-editor of DMARCbis, joined Dan Levinson to discuss what’s changing in the next iteration of DMARC and what security teams should start paying attention to now.

For organizations already working to strengthen email authentication, the message is straightforward. DMARCbis isn’t a reset. It is a refinement of a protocol that has already become central to modern email security.

Herr put it simply: “I don’t see DMARCbis as a revolution so much as an evolution.”

Why DMARCbis deserves attention

DMARC has been around for over a decade. During that time, it has become one of the most important controls for reducing direct-domain spoofing and improving visibility into who’s sending email on behalf of your company.

But broad adoption also exposes where standards need to become clearer.

That is where DMARCbis comes in. The update reflects years of operational experience and lessons learned from real-world DMARC use. Instead of reinventing DMARC, it aims to make the protocol clearer, more maintainable, and more consistent for the people who rely on it.

For security teams, that matters because email authentication isn’t a niche technical project. It is part of the baseline for protecting domains, supporting delivery, and meeting rising sender requirements.

What is changing in DMARCbis

One of the most useful parts of the fireside chat is how clearly it frames the kinds of changes teams should expect.

Some of the updates focus on record tags and deprecations. That may sound minor, but it matters in practice. Ambiguity in standards often leads to inconsistent implementation, which creates operational friction.

The discussion also covers clearer expectations around reporting and participation. In real terms, that means businesses need to think beyond publishing a DMARC record. Effective participation depends on aligned authentication, visibility into sending sources, and reporting that teams can actually use.

Another key topic is receiver-side policy discovery through DNS tree walk. DMARCbis introduces a standardized approach to help receivers identify the organizational domain more consistently.
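To make the tree walk concrete, the sketch below is an added example (not from the fireside chat or from Sendmarc) that follows the lookup and Organizational Domain selection steps as set out in the IETF DMARCbis draft. The in-memory `ZONE` data, the domain names, and the function names are constructed for illustration; a real receiver would issue live DNS TXT queries.

```python
# Constructed TXT data standing in for live DNS (illustrative names only).
ZONE = {
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "_dmarc.bank.example": ["v=DMARC1; p=quarantine; psd=n"],
    "_dmarc.gov.example": ["v=DMARC1; p=reject; psd=y"],
}

def lookup(domain, zone):
    """Return the tags of the single valid DMARC record at _dmarc.<domain>, else None."""
    valid = [t for t in zone.get("_dmarc." + domain, [])
             if t.split(";")[0].replace(" ", "") == "v=DMARC1"]
    if len(valid) != 1:  # no record, or several: all are discarded
        return None
    pairs = (p.split("=", 1) for p in valid[0].split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def tree_walk(domain, zone):
    """Walk from `domain` toward the root; return (names queried, records found)."""
    labels = domain.lower().rstrip(".").split(".")
    queried, found = [], {}
    while True:
        name = ".".join(labels)
        queried.append(name)
        tags = lookup(name, zone)
        if tags is not None:
            found[name] = tags
            if tags.get("psd", "").lower() in ("y", "n"):
                break  # an explicit psd= tag ends the walk
        if len(labels) == 1:
            break
        labels = labels[1:][-7:]  # drop leftmost label, then cap at seven labels
    return queried, found

def organizational_domain(start, zone):
    """Pick the Organizational Domain from the records the walk found."""
    start = start.lower().rstrip(".")
    _, found = tree_walk(start, zone)
    for name, tags in found.items():
        psd = tags.get("psd", "").lower()
        if psd == "n":
            return name
        if psd == "y" and name != start:
            # Org domain sits one label below the public suffix domain
            return ".".join(start.split(".")[-(name.count(".") + 2):])
    # Otherwise the record at the shortest name wins; no record: the start itself
    return min(found, key=lambda d: d.count("."), default=start)
```

The label cap bounds the walk at eight queries per domain, which is why a deeply nested From domain cannot force a receiver into an unbounded series of lookups.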

What security teams should take away

The biggest takeaway is that DMARCbis shouldn’t be viewed as a distant standards update with no operational impact.

The direction is toward clearer rules, tighter interpretation, and less room for inconsistent behavior across implementations. That mirrors what the market is already telling us. Major mailbox providers have continued to tighten sender expectations, and authentication is increasingly treated as a basic requirement, not a nice-to-have.

For security leaders, that means now is the right time to ask practical questions:

  • Do you know all the systems sending emails on behalf of your domains?
  • Are SPF, DKIM, and DMARC aligned across legitimate email streams?
  • Is your reporting useful enough to support decisions, or is it just noise?
  • Are you still stuck at visibility, or are you moving toward enforcement?

DMARC alone isn’t a deliverability shortcut

One of the more important points raised in the discussion is also one of the most misunderstood.

Publishing DMARC doesn’t guarantee inbox placement.

Authentication helps mailbox providers verify identity and distinguish legitimate emails from spoofed messages. But it doesn’t replace strong sending practices or responsible operations.

That distinction is important because many teams still approach DMARC as a box to tick. In reality, it’s one part of a broader email security and trust strategy.

Why 2026 is the right time to prepare

Security and email teams don’t need to panic about DMARCbis, but they should pay attention to it. The update is best understood as a refinement of the DMARC standard based on years of practical experience.

That doesn’t change the core work teams need to do. Companies still need to understand their sender landscape, maintain alignment, and move from monitoring (p=none) toward enforcement in a controlled way.

What DMARCbis does signal is that email authentication is continuing to mature.

As standards and sender expectations become clearer, this is a good time for teams to review their current posture, identify gaps, and make sure their authentication program can support both security and delivery at scale.

Why partner with Sendmarc

Sendmarc helps partners deliver trusted email security services to their customers by making DMARC deployment and management practical at scale.

With an enterprise-first platform and expert support, partners can help businesses protect their domains from email impersonation, reduce phishing and spoofing risk, and maintain control across complex, multi-domain sending environments.

Beyond strengthening security, Sendmarc helps support email deliverability by ensuring legitimate communications authenticate correctly and reach inboxes.

Partners can rely on Sendmarc’s expertise and tooling to take customers from visibility to enforcement and support long-term DMARC compliance.
