DMARCbis: What are the changes and how to be ready

Executive Summary: DMARCbis, also known as DMARC 2.0, is the forthcoming update to the DMARC email authentication protocol, designed to address limitations and ambiguities in the original standard, with an expectation to be finalized and published in 2025. The update introduces clearer guidelines, a new method for determining organizational domains, and streamlined record management. While existing DMARC records will remain valid, organizations are encouraged to review and update their implementations to take advantage of improved security, reporting, and compliance features. 

Once fully released, our upcoming DMARCbis guide will be available to support your organization’s transition. 

Key takeaways:

• DMARCbis restructures and clarifies the DMARC specification, introduces new conformance requirements, and replaces the Public Suffix List with a DNS Tree Walk algorithm for more accurate domain alignment.

• Several DMARC record tags, such as pct and rf, are being removed, and new tags like psd are introduced, requiring organizations to review and potentially update their DMARC records for compliance.

• While the changes are evolutionary and not disruptive, early adoption of DMARCbis will enhance security, improve reporting, and ensure alignment with emerging industry standards as the protocol becomes a Proposed Standard in 2025.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is about to shed its “v1.0” training wheels. The upcoming DMARCbis draft, often called DMARC 2.0, strengthens regulations, clarifies long-standing uncertainties, and updates the reporting process. The good news—whether you call it DMARCbis or DMARC 2.0, the version number in the records is not expected to change.

What is DMARCbis?

DMARCbis (also referred to as DMARC 2.0) is the updated specification of the DMARC protocol. Currently in its final stages of development by the Internet Engineering Task Force (IETF), DMARCbis will revamp the original DMARC specification (RFC 7489) and RFC 9091.

Unlike the original DMARC specification, which was published as an Informational RFC, DMARCbis is set to become a Proposed Standard. This elevation in status reflects the protocol’s maturity and widespread adoption across the email ecosystem. The core purpose remains unchanged: enabling domain owners to protect their domains from unauthorized use, validate legitimate email, and gain visibility into how their domains are being used across the internet.

We also know that updates can sometimes be a headache, but with DMARCbis there is no need to worry. If you currently have a v=DMARC1 record in place, it will remain intact. However, as a new industry standard, we’d advise not to neglect the upgrade once released to ensure optimized protection.

At Red Sift, we have been monitoring the draft from the beginning and are prepared to assist your organization. Our industry-leading Red Sift OnDMARC product has taken the hassle out of DMARC implementation for our global customers since 2017.

What’s changing?

DMARCbis isn’t reinventing the wheel, but rather refining it based on a decade of real-world implementation. Key changes include:

1. Improved structure and clarity: The specification has been reorganized to be more readable, with better examples and clearer definitions to help implementers.
2. New conformance requirements: A dedicated section specifies requirements for “full DMARC participation,” providing clearer guidelines for both domain owners and email receivers.
3. Domain alignment changes: The new specification introduces a “Tree Walk” method through parent domains instead of relying on the Public Suffix List. This allows for more accurate determination of Organizational Domain boundaries.
4. Tag modifications: Some DMARC record tags like pct and rf are being removed, streamlining the protocol and potentially affecting existing implementations.
5. Enhanced guidance: More comprehensive guidelines and examples make implementation more straightforward for organizations at all levels of technical sophistication.

When will these changes take effect?

DMARCbis is currently in the “IETF Last Call” phase, one of the final stages before publication. The draft specification (currently at version 41 as of April 4, 2025) is expected to be officially published as a standard in 2025.

While formal adoption will take time across the email ecosystem, forward-thinking organizations should begin understanding these changes now to stay ahead of the curve.

What this means for existing users

If you’ve already implemented DMARC, you’re on the right track, but some adjustments may be necessary:

1. Review Your DMARC Records: When DMARCbis is finalized, you’ll need to review your existing DMARC records for deprecated tags like pct and adjust accordingly. If you need support, our customer success team will be on hand and ready.
2. Understand alignment changes: The new Tree Walk method for domain alignment may affect how your organizational domains are identified and authenticated.
3. Check reporting configuration: Ensure your current reporting setup will remain compatible with the new standard.
4. Prepare your team: Use this blog to educate your email security team about the upcoming changes so they’re ready to adapt and speak to your DMARC provider if you have further questions.

The good news is that DMARCbis aims to be evolutionary rather than revolutionary, so major disruptions are unlikely for organizations with properly implemented DMARC. Not sure if your organization is DMARC ready? Use our free Red Sift Investigate tool to get started.

Why implementing DMARCbis will be vital

DMARC offers a significantly enhanced security posture by refining the protocol to better protect your domain from spoofing and phishing attacks. With improved email authentication, your messages are more likely to be recognized as legitimate, leading to better email deliverability and ensuring that your communications reach their intended recipients’ inboxes. 

Additionally, the updated specification provides better visibility through enhanced reporting capabilities, giving you clearer insights into how your domain is being used and helping you quickly identify and address potential vulnerabilities.

Adopting DMARCbis also means your organization is future-proofed, staying ahead of evolving industry standards and email security best practices. Early implementation not only demonstrates your commitment to robust cybersecurity but also aligns your organization with zero trust security architectures that are rapidly becoming the norm in modern IT environments. 

This proactive approach ensures that your domain remains secure and trusted as the email threat landscape continues to evolve.

How Red Sift OnDMARC can support

Navigating the transition to DMARCbis doesn’t have to be challenging. Red Sift OnDMARC is positioned to help organizations prepare for and implement these changes effectively by:

• Providing a centralized platform to monitor and manage your DMARC implementation
• Offering guidance on updating DMARC records to comply with the new standard
• Delivering actionable insights through comprehensive reporting
• Simplifying the complex aspects of email authentication
• Supporting your organization throughout the transition process

As DMARCbis moves toward official publication, having a dedicated solution like OnDMARC can significantly reduce the complexity and resource requirements typically associated with email authentication management.

Email security remains a critical concern for organizations of all sizes, and DMARCbis represents an important step forward in the ongoing effort to make email more secure and trustworthy. By understanding and implementing these changes proactively, you can strengthen your security posture and protect both your organization and customers from increasingly sophisticated email-based threats.

Not sure where to start? Contact the Red Sift team and get the guidance you need today.