• Products
  • Documentation
  • Resources

Manage DMARC authentication for incoming emails

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a standard email authentication method that helps protect email senders and recipients from fraudulent emails or spoofing and phishing attacks. 

DMARC cannot be disabled on Free plans. If you wish to disable DMARC, upgrade your plan.

What is spoofing and phishing?

Spoofing is when someone sends an email from a forged email address. Spoofed emails are often used for malicious purposes like sending false information or infecting a computer with malware. They can also be part of a phishing attack which is a scam designed to trick someone into providing sensitive information such as passwords or credit card details. 

How DMARC prevents spoofing

DMARC verifies that the identity of the sender that the recipient sees matches the identity that’s shown to the receiving server. It also tells the server what to do if an email doesn’t pass authentication checks, for example, to block the email.

DMARC in Jira

When DMARC is enabled for incoming emails in Jira, emails that don’t pass authentication checks will be blocked. This may cause some legitimate emails to be blocked if the sender hasn’t configured their email correctly. We urge all customers to ensure that all legitimate emails are signed appropriately to pass DMARC security checks.

For DMARC protection to work in Jira, a DMARC record also needs to be set up on the domains your organization or customers use to send emails to your site.

Custom email accounts

The DMARC setting for incoming emails in Jira does not apply to projects using a custom email account. If you use a custom email account, you will need to ensure DMARC is set up with a reject policy on the account for it to work.

If you would like to have your own DMARC policy, we recommend using a custom email account.

Manage your DMARC settings

You must be a Jira site admin to manage DMARC settings. To enable or disable DMARC:

  1. Go to Settings > System > Incoming Mail.

  2. Under DMARC incoming email authentication select Enable or Disable.

DMARC will override allowlists. If DMARC is enabled and an email from someone on an allowlist fails a DMARC check, their email will be blocked.

Still need help?

The Atlassian Community is here for you.