Back to blog
Alla Chernenko avatar
Alla Chernenko
July 6, 2026
DMARC (1)

DMARC Officially Updated: What RFC 9989, RFC 9990 & RFC 9991 Mean for Your Business Email

If you've recently seen news that DMARC RFC 7489 has been replaced by RFC 9989, RFC 9990, and RFC 9991, don't panic.

Despite the headlines, this is not a major change to how DMARC works. Most businesses won't need to update anything immediately.

Instead, these new RFCs reorganize and modernize the DMARC specification, making it easier for email providers and software vendors to implement and maintain in the future.

In this article, we'll explain what changed, why it matters, and what businesses using email marketing platforms like Wooxy should know.

What Is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication standard that helps protect your domain from:

  • phishing attacks
  • email spoofing
  • impersonation
  • unauthorized email sending

It works together with two other authentication technologies:

  • SPF
  • DKIM

When these three technologies work together, mailbox providers like Gmail, Outlook, and Yahoo can verify whether an email really came from your domain.

Without DMARC, anyone could attempt to send emails pretending to be your business.

Why DMARC Is Important

DMARC is one of the most important email security standards for modern businesses. It helps prove that emails sent from your domain are genuine and not forged by scammers or cybercriminals. This protects your brand from phishing attacks and prevents unauthorized people from sending emails that appear to come from your company.

DMARC also improves email deliverability. When combined with SPF and DKIM, it helps mailbox providers like Gmail, Outlook, and Yahoo verify your emails, making them more likely to reach your customers' inboxes instead of the spam folder. This is especially important for businesses that send newsletters, promotional campaigns, order confirmations, invoices, password reset emails, or appointment reminders.

As email providers continue to strengthen their security requirements, having DMARC properly configured has become an essential part of reliable business email. It helps build customer trust, protects your domain's reputation, and ensures your important emails are delivered successfully.

What Changed in the New DMARC

For more than a decade, the official DMARC specification was defined in RFC 7489, published in 2015. That document has now been replaced by RFC 9989, RFC 9990, and RFC 9991.

This does not introduce a new version of DMARC or change how email authentication works. Instead, the original specification has been reorganized into separate documents that cover the core DMARC protocol and its reporting features. This makes the standard easier for email providers and software developers to maintain, update, and improve over time without rewriting a single, large specification.

What Hasn't Changed >>

The good news is that this update doesn't affect how businesses send authenticated email today.

If your domain is already using SPF, DKIM, and DMARC, everything continues to work as before. Your existing DMARC DNS record remains valid, email authentication works the same way, and major mailbox providers such as Gmail, Outlook, and Yahoo will continue validating your messages using the same authentication process.

In short, nothing breaks because of these new RFCs. For most businesses, there is nothing to update or reconfigure—the changes are behind the scenes and mainly affect how the DMARC standard is documented for future implementations.

Do Businesses Need to Update Their DMARC Record?

For almost every business, the answer is no. If your domain already has SPF, DKIM, and DMARC configured correctly, you don't need to make any immediate changes because of the new RFCs.

This update is primarily aimed at email software developers, email service providers, mailbox providers, and organizations that build or maintain email authentication systems. Instead of referencing RFC 7489, future email products and documentation will use RFC 9989, RFC 9990, and RFC 9991 as the official DMARC specifications. 

For businesses that simply send marketing, transactional, or automated emails, everything continues to work as before.

What This Means for Wooxy Clients

If you send emails through Wooxy, you don't need to worry about these RFC changes.

Wooxy continues sending authenticated email using industry-standard:

  • SPF
  • DKIM
  • DMARC

Our infrastructure follows current email authentication best practices, so customers don't need to manually adjust their campaigns because of this documentation update.

If you're using another email platform and aren't sure whether your domain authentication is configured correctly, it's a good idea to ask your provider.

Why Email Authentication Matters More Than Ever

While the RFC update itself isn't disruptive, email authentication has become increasingly important.

Major email providers have strengthened their requirements to reduce spam and phishing.

Businesses without proper authentication may experience:

  • lower inbox placement
  • increased spam filtering
  • reduced customer trust
  • delivery failures

Strong authentication isn't just a technical recommendation anymore —i t's a fundamental requirement for reliable email communication.

Best Practices for Businesses

To maximize deliverability:

  • Publish valid SPF records.
  • Enable DKIM signing.
  • Configure a DMARC policy.
  • Monitor DMARC reports.
  • Keep DNS records up to date.
  • Use a trusted email platform.
  • Regularly review your domain authentication.

These practices remain exactly the same after the RFC update.

Frequently Asked Questions

  • Has DMARC 2026 changed?
    Icon caret

    No. The core DMARC protocol works the same. The official documentation has simply been reorganized into three RFCs.

  • Do I need to update my DMARC record?
    Icon caret

    In most cases, no.

  • Does this affect email marketing?
    Icon caret

    Not directly. Your campaigns continue working as long as your authentication is correctly configured.

  • Why were new RFCs published?
    Icon caret

    To separate different parts of the specification, making future maintenance easier.

  • What are RFC 9989, RFC 9990, and RFC 9991?
    Icon caret

    These are the new official documents that define the DMARC standard. They replace the older RFC 7489 by separating the specification into multiple documents, making it easier to maintain and update in the future.

  • Why was RFC 7489 replaced?
    Icon caret

    The original DMARC specification combined several topics into one document. The new RFCs organize the protocol, aggregate reporting, and failure reporting into separate specifications, making the standard clearer for developers and email providers.

  • Is RFC 7489 still valid?
    Icon caret

    RFC 7489 has been officially obsoleted by RFC 9989, RFC 9990, and RFC 9991. However, the DMARC protocol itself remains compatible, so existing implementations continue to function normally.

  • Do I need to update my DMARC DNS record?
    Icon caret

    No. If your DMARC record is already configured correctly, there is no need to update it because of the new RFCs.

  • Will Gmail, Outlook, or Yahoo require changes because of this update?
    Icon caret

    No. Major mailbox providers continue validating email using the same DMARC, SPF, and DKIM mechanisms. The update mainly changes the official documentation.

  • How can I check if my domain has DMARC?
    Icon caret

    You can use online DMARC lookup tools or inspect your DNS records. Your domain should have a TXT record beginning with: _dmarc.yourdomain.com

  • What happens if my business doesn't use DMARC?
    Icon caret

    Without DMARC, cybercriminals may be able to spoof your domain, making it easier to send phishing emails that appear to come from your business. Your legitimate emails may also have lower deliverability.

  • Does Wooxy support DMARC?
    Icon caret

    Yes. Wooxy supports industry-standard email authentication, including SPF, DKIM, and DMARC. If your domain is properly configured, you can continue sending campaigns without making changes because of the new RFCs.

The replacement of RFC 7489 with RFC 9989, RFC 9990, and RFC 9991 is an important milestone for the email industry — but it's largely an organizational update rather than a technical overhaul.

For most businesses, the message is simple:

  • Your existing DMARC record still works.
  • SPF and DKIM remain unchanged.
  • No immediate action is required.
  • Continue following email authentication best practices.

As inbox providers continue strengthening security, having properly authenticated email remains one of the most effective ways to protect your brand, improve deliverability, and build trust with customers.

Whether you send marketing campaigns, transactional emails, or automated customer journeys, maintaining a healthy authentication setup is essential — and platforms like Wooxy help make that process seamless.