What Is DMARCbis?

DMARCbis (also called DMARC 2.0) is the next version of DMARC, the email security standard that helps protect domains from spoofing and phishing. It's being finalized by internet standards groups and is expected to roll out in 2026.

The goal of DMARCbis is to make DMARC more accurate, more secure, and easier for email systems to interpret, while still working with existing DMARC setups.

Overview Changes

  • Smarter domain detection – Instead of relying on an external list of domain suffixes, DMARCbis uses DNS itself to determine who "owns" a domain. This reduces errors and makes it more difficult for attackers to exploit complex domain structures.

  • Better protection for subdomains – DMARCbis adds a new rule that helps block email sent from non-existent subdomains, a common phishing trick.

  • New configuration options – New settings allow domains to:

    • Clearly identify public suffix domains

    • Safely test DMARC policies before fully enforcing them

  • Simpler rules – Some older options are being removed to reduce confusion and make DMARC behavior more predictable.

  • Clearer standards – DMARCbis moves DMARC from "informational guidance" to a formal internet standard, which means email providers will interpret and enforce it more consistently.

Specific Changes

DNS Tree Walk
As mentioned, DMARCbis uses DNS itself to determine the organizational domain, improving reliability and reducing errors caused by complex domain structures.

New Tags

  • psd (Public Suffix Domain): Explicitly identifies a domain as a public suffix.

  • np (Negative Policy): Defines how email from non-existent subdomains should be handled, helping prevent subdomain-based phishing.

  • t (Testing): Indicates that a DMARC policy is in a testing phase.

Retired Tags
Some older DMARC tags, including the pct (percentage) tag, are being removed to simplify policy enforcement and improve consistency.

Enhanced Standard Status
DMARCbis moves from an informational RFC to a Proposed Standard, providing clearer guidance and more consistent interpretation by email receivers.

What This Means for You

  • Your existing DMARC record will continue to work.

  • You don't need to make immediate changes.

  • Over time, updating your DMARC policy can give you stronger protection against spoofing, especially for subdomains and third-party email services.

DMARCbis is designed to fix long-standing DMARC issues while improving security, without breaking what already works.

burritos@banana-pancakes.com braunstrowman@banana-pancakes.com finnbalor@banana-pancakes.com ricflair@banana-pancakes.com randysavage@banana-pancakes.com