Learn more about Jira Cloud products, features, plans, and migration.
Integrate Jira Cloud with Confluence, development tools, apps, and self-hosted tools using OAuth and feature flags.
Control who has access to your Jira Cloud products and give them the right permissions to perform their role.
Learn how to set up, customize, and manage Jira Cloud projects.
Explore issues, issue types, issue custom fields, issue screens, custom field context, and issue field configurations in Jira Cloud.
Define the lifecycle of your work and learn about issue workflow schemes and the issue collector.
Learn more on how you can set up Jira Cloud for your team.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a standard email authentication method that helps protect email senders and recipients from fraudulent emails or spoofing and phishing attacks.
DMARC cannot be disabled on Free plans. If you wish to disable DMARC, upgrade your plan.
What is spoofing and phishing?
Spoofing is when someone sends an email from a forged email address. Spoofed emails are often used for malicious purposes like sending false information or infecting a computer with malware. They can also be part of a phishing attack which is a scam designed to trick someone into providing sensitive information such as passwords or credit card details.
How DMARC prevents spoofing
DMARC verifies that the identity of the sender that the recipient sees matches the identity that’s shown to the receiving server. It also tells the server what to do if an email doesn’t pass authentication checks, for example, to block the email.
DMARC in Jira Software
When DMARC is enabled for incoming emails in Jira Software, emails that don’t pass authentication checks will be blocked. This may cause some legitimate emails to be blocked if the sender hasn’t configured their email correctly. We urge all customers to ensure that all legitimate emails are signed appropriately to pass DMARC security checks.
For DMARC protection to work in Jira Software, a DMARC record also needs to be set up on the domains your organization or customers use to send emails to your site.
Custom email accounts
The DMARC setting for incoming emails in Jira Software does not apply to projects using a custom email account. If you use a custom email account, you will need to ensure DMARC is set up with a reject policy on the account for it to work.
If you would like to have your own DMARC policy, we recommend using a custom email account.
Manage your DMARC settings
You must be a Jira site admin to manage DMARC settings. To enable or disable DMARC:
Go to Settings > System > Incoming Mail.
Under DMARC incoming email authentication select Enable or Disable.
DMARC will override allowlists. If DMARC is enabled and an email from someone on an allowlist fails a DMARC check, their email will be blocked.
Was this helpful?