DMARCbis-ready · The 2026 standard

What is an organizational domain?

DMARC constantly needs to answer one deceptively hard question: are these two hostnames the same organization? The organizational domain is its answer.

Definition

The organizational domain is the part of a hostname that was actually registered with a registrar: for news.mail.example.com it is example.com. You cannot compute it by counting dots, because public suffixes vary: for shop.example.co.uk the organizational domain is example.co.uk, since .co.uk is itself a suffix anyone can register under. Classic DMARC resolves this with the Public Suffix List (PSL), a community-maintained list of every such suffix: strip the public suffix, keep one more label, and that is the organizational domain.

Where DMARC uses it

  • Policy discovery. Mail from news.example.com with no DMARC record of its own falls back to the record at _dmarc.example.com. This is why one record at the organizational domain covers the whole subdomain tree (and why its sp= tag, the subdomain policy, matters).
  • Relaxed alignment. In relaxed mode, an authenticated domain aligns with the From domain when the two share an organizational domain, so a bounce domain of bounce.example.com still aligns with example.com.

The DMARCbis change

The updated DMARC standard (DMARCbis) retires the PSL dependency and determines the organizational domain by a DNS tree walk instead: the receiver climbs the name hierarchy looking for DMARC records, and tags like psd= mark public-suffix operators. The day-to-day meaning for domain owners is unchanged: your registrable root is still the anchor for inheritance and relaxed alignment. The mechanics of finding it moved from a text file into DNS itself; the details live in our DMARCbis guide.

Keep reading

Last verified 2026-07-10.

Stop guessing. Start monitoring.

Free for one domain. Set up in five minutes. We parse the reports; you read plain-English summaries.