Can I use DMARC with shared IP addresses?

Summary

The consensus from experts, marketers, and official documentation is that DMARC is indeed compatible with shared IP addresses. DMARC authenticates emails primarily based on the domain in the 'From' header and relies on SPF and DKIM for validation. While the IP address itself is not a direct factor for DMARC's functionality, proper configuration of SPF and DKIM is crucial in shared IP environments. This includes ensuring that all legitimate senders using those shared IPs are authorized in the SPF record and/or that DKIM alignment is properly set up. Starting with a monitoring-only DMARC policy (p=none) and coordinating with your ESP are also highly recommended to ensure successful implementation and to identify and address any potential issues.

Key findings

  • Domain-Based Authentication: DMARC focuses on the domain in the 'From' header, making it inherently compatible with various IP configurations, including shared IPs.
  • SPF/DKIM Dependency: DMARC relies on SPF and DKIM records to authenticate email sources, and their proper configuration is essential, especially in shared IP environments.
  • SPF Record Management: Effective SPF record management is critical to authorize all legitimate senders using shared IP addresses and to maintain a good sender reputation.
  • Monitoring and Reporting: Continuous monitoring of DMARC reports is recommended to identify and address any authentication issues promptly.

Key considerations

  • Ensure SPF Inclusion: Verify that all shared IPs used by your ESP (Email Service Provider) are properly included in your SPF record to authorize legitimate sending.
  • Implement DKIM: Implement and properly configure DKIM as an additional layer of authentication, especially if SPF configuration is challenging.
  • Start with Monitoring Policy: Begin with a relaxed DMARC policy (p=none) to monitor DMARC reports and assess the impact before enforcing stricter policies (p=quarantine or p=reject).
  • Coordinate with ESP: Collaborate with your ESP to ensure their infrastructure is correctly configured with SPF and DKIM to support DMARC requirements.
  • Monitor Sender Reputation: Be aware that in shared IP environments, the activities of other senders can affect the overall IP reputation and, consequently, your DMARC results. Therefore, closely monitor sender reputation.

What email marketers say
12Marketer opinions

DMARC can be effectively used with shared IP addresses. While DMARC authenticates emails based on the domain in the 'From' header, its successful implementation with shared IPs hinges on proper configuration of SPF and DKIM. It is crucial to ensure that the shared IPs are listed in the SPF record or that DKIM is aligned. Starting with a reporting-only (p=none) DMARC policy is advised for monitoring and assessing the impact before enforcing stricter policies.

Key opinions

  • DMARC Independence: DMARC functions independently of the underlying IP infrastructure, focusing on domain-based authentication.
  • SPF and DKIM Importance: Proper SPF and DKIM configuration is crucial for DMARC to function effectively with shared IPs.
  • Alignment Requirements: Either SPF or DKIM needs to be aligned for DMARC to pass, with best practices suggesting both should be aligned.
  • Monitoring Recommended: Starting with a reporting-only (p=none) DMARC policy is recommended to monitor DMARC reports and assess impact before enforcing stricter policies.

Key considerations

  • SPF Record Inclusion: Ensure that the shared IPs used by your ESP are included in your SPF record.
  • DKIM Configuration: Implement and properly configure DKIM for enhanced authentication, especially in shared IP environments.
  • Policy Enforcement: Adopt an iterative approach, starting with a relaxed DMARC policy (p=none) and gradually moving towards stricter enforcement.
  • Collaboration with ESP: Coordinate with your ESP to ensure their sending infrastructure aligns with DMARC requirements and best practices.
Marketer view

Marketer from Email Geeks confirms that a shared IP pool can be included in an aligned SPF record.

July 2022 - Email Geeks
Marketer view

Email marketer from Email Geeks suggests that users who implement DMARC when using an ESP with shared IP addresses should start with a reporting-only policy (p=none) to monitor DMARC reports.

November 2024 - Email Geeks
Marketer view

Email marketer from Postmark answers that you can use DMARC with shared IPs, but it's important to understand the implications for SPF. If the shared IPs are not properly included in your SPF record, DMARC may fail. Using DKIM is a good way to improve the success of DMARC in this scenario.

May 2022 - Postmark
Marketer view

Email marketer from Email Geeks explains that either SPF or DKIM needs to be in alignment for DMARC to pass, but ideally both should pass and be aligned. Recommends implementing DMARC for reporting first and then moving slowly towards an enforcing policy.

December 2022 - Email Geeks
Marketer view

Email marketer from an Email Marketing Forum responds that the key to using DMARC with shared IPs is ensuring SPF alignment. If the shared IPs used by your ESP are included in the SPF record for your domain, DMARC will work correctly. If SPF alignment is a concern, DKIM alignment can also provide the necessary authentication.

January 2025 - Email Marketing Forum
Marketer view

Email marketer from Reddit shares that implementing DMARC when using an ESP with shared IPs is a good practice. Start with a 'p=none' policy to monitor reports and assess the impact before enforcing stricter policies. Ensure SPF and DKIM are correctly configured for optimal results.

July 2023 - Reddit
Marketer view

Marketer from Email Geeks clarifies that to implement a DMARC record you need the IPs listed in the SPF record, and the SPF record must be aligned.

December 2021 - Email Geeks
Marketer view

Email marketer from StackOverflow shares that DMARC is domain-centric and cares about SPF/DKIM alignment, not the type of IP address used to send the email. As long as either SPF or DKIM is aligned, DMARC will pass, irrespective of whether you're using a shared or dedicated IP.

October 2023 - StackOverflow
Marketer view

Email marketer from EmailonAcid answers that implementing DMARC with shared IPs requires careful attention to SPF configuration. Since multiple senders use the same IPs, ensure the ESP’s IPs are included in your SPF record to avoid deliverability issues. Always start with a relaxed policy (p=none) to monitor the impact.

February 2025 - EmailonAcid
Marketer view

Email marketer from SendGrid answers that DMARC functions independently of the underlying email infrastructure, which means it's fully compatible with shared IP addresses. The focus is on the alignment between the domain in the 'From' header and the results of SPF and DKIM checks. As long as these checks align, DMARC will work as intended.

February 2024 - SendGrid
Marketer view

Email marketer from Mailjet answers that using DMARC with shared IPs is possible and recommended. DMARC authenticates based on the domain, so the IP configuration doesn't prevent its use. However, proper SPF and DKIM setup is crucial.

March 2024 - Mailjet
Marketer view

Email marketer from SparkPost answers that DMARC can be effectively used with shared IPs, especially when combined with DKIM. They suggest that DKIM provides a more robust authentication method in shared IP environments where SPF can be more challenging to configure correctly.

March 2022 - SparkPost

What the experts say
6Expert opinions

Experts generally agree that DMARC is compatible with shared IP addresses because it primarily authenticates emails based on the domain in the 'From' header, not the sending IP. DMARC relies on SPF and DKIM to validate email sources. While DMARC itself is IP-agnostic, careful SPF record management is crucial in shared IP environments to authorize all legitimate senders and avoid deliverability issues. Coordination with ESPs and ongoing monitoring of DMARC reports are also essential for identifying and addressing authentication problems.

Key opinions

  • IP Independence: DMARC operates at the domain level and isn't inherently dependent on the type of IP address (shared or dedicated).
  • SPF/DKIM Reliance: DMARC relies on SPF and DKIM to validate email sources, making their correct configuration critical.
  • Shared IP Challenges: Shared IP environments require careful SPF record management to authorize all legitimate senders and avoid reputation issues due to other senders' activities.
  • ESP Coordination: Working closely with your ESP is important to ensure they properly configure SPF and DKIM for their infrastructure.

Key considerations

  • SPF Management: Carefully manage your SPF records to authorize all legitimate senders using the shared IPs.
  • Reputation Monitoring: Monitor your sender reputation to avoid deliverability issues stemming from the actions of other senders on the shared IP.
  • DMARC Reports: Monitor DMARC reports to identify and address any authentication issues promptly.
  • ESP Alignment: Ensure your ESP's sending infrastructure is properly configured with SPF and DKIM to align with DMARC requirements.
Expert view

Expert from Email Geeks explains that DMARC cares about DKIM and SPF, and only one needs to be aligned.

March 2022 - Email Geeks
Expert view

Expert from Email Geeks confirms that you can have a DMARC record for any domain, regardless of the IP configuration.

February 2022 - Email Geeks
Expert view

Expert from Word to the Wise, Laura Atkins, responds that implementing DMARC in a shared IP environment is possible, but requires coordination with the ESP (Email Service Provider). She emphasizes the importance of ensuring that the ESP’s sending infrastructure is properly configured with SPF and DKIM. Additionally, careful monitoring of DMARC reports is essential for identifying and addressing any authentication issues.

June 2024 - Word to the Wise
Expert view

Expert from Email Geeks clarifies that DMARC doesn't care about shared vs dedicated IPs.

October 2024 - Email Geeks
Expert view

Expert from Spam Resource, John Levine, explains that using DMARC with shared IPs requires careful attention to SPF. When multiple senders share an IP, SPF records must authorize all legitimate senders. Problems arise when one sender's spam activity impacts the reputation of the shared IP, affecting DMARC results for all senders using that IP. He recommends carefully managing SPF records and monitoring sender reputation.

June 2022 - Spam Resource
Expert view

Expert from Email Geeks states that DMARC is not dependent on IPs, it's a domain-level tool, unlike SPF which is IP dependent.

September 2021 - Email Geeks

What the documentation says
4Technical articles

Official documentation confirms that DMARC is compatible with shared IP addresses. DMARC authenticates email based on the domain found in the 'From:' header and relies on SPF and DKIM for validation. While shared IPs do not inherently prevent DMARC implementation, it's crucial to ensure that shared IPs are included in the SPF record and DKIM is correctly configured. Ongoing monitoring of DMARC is recommended.

Key findings

  • IP Independence: DMARC is designed to operate independently of the IP address infrastructure.
  • Domain-Based Authentication: DMARC authenticates based on the domain in the 'From:' header, not the IP address.
  • SPF/DKIM Reliance: DMARC relies on SPF and DKIM to validate email sources.

Key considerations

  • SPF Record Inclusion: Ensure shared IPs are properly included in your SPF record.
  • DKIM Configuration: Correctly configure DKIM for your domain.
  • Monitoring DMARC: Regularly monitor DMARC reports to ensure proper function and identify any issues.
Technical article

Documentation from Google Workspace Admin Help explains that DMARC relies on SPF and DKIM to authenticate emails. While using shared IPs is not a direct impediment to DMARC, ensuring that the shared IPs are properly included in your SPF record and that DKIM is correctly configured is essential for DMARC to function effectively.

June 2022 - Google Workspace Admin Help
Technical article

Documentation from DMARC.org explains that DMARC is designed to work independently of the IP address infrastructure. DMARC focuses on the domain in the 'From:' header of an email, not the IP address from which the email was sent. Therefore, it is perfectly acceptable and common to use DMARC with shared IP addresses.

May 2021 - DMARC.org
Technical article

Documentation from Microsoft outlines the steps for setting up DMARC, emphasizing that it is compatible with shared IP environments. They recommend checking SPF and DKIM records and using monitoring tools to understand how DMARC is working for your domain. Proper configuration is key, regardless of the IP arrangement.

October 2022 - Microsoft
Technical article

Documentation from RFC 7489 (the DMARC standard) answers that DMARC's evaluation scope is the domain found in the RFC5322.From header field. It is not directly concerned with the IP address used to transmit the message, making it compatible with shared IP environments provided other requirements like SPF/DKIM alignment are met.

January 2024 - RFC Editor