Domain-based Message Authentication, Reporting & Conformance (DMARC) is used in conjunction with SPF and DKIM to combat email spoofing. Spoofing occurs when a scammer uses your domain in the From field of an email to impersonate one of your email users. DMARC uses a policy that is listed in your DNS records. This policy tells the receiving email host how to treat emails sent from your domain based on the criteria that you set. This mechanism also gives visibility into reports on what your domain is sending, and how receiving hosts are treating that mail.
DMARC enforces SPF and DKIM. DMARC is useful only if you have already set up SPF and DKIM records. Before creating your DMARC policy, you must first create an SPF record, then create a DKIM record, and lastly create a DMARC record policy.
Considerations for DMARC
To set up DMARC the way that works best for your needs, answer these questions:
How should questionable mail be handled?
Decide whether questionable email should be rejected outright or should be classified as a “soft fail,” which means that the email is further scrutinized or sent to spam.
Who should receive DMARC reports?
When the receiving host processes mail that comes from the domain, the host generates reports. These reports are sent to the email address specified in the DMARC policy.
Parts of a DMARC policy
Each part of the policy is defined as follows:
- v=DMARC1 indicates the version of DMARC used.
- p=quarantine: is the policy action.
- none: Do nothing/reporting only
- quarantine: Treat the mail as spam
- reject: Refuse mail that fails DKIM and SPF
- rua= identifies the destination for the aggregate reports.
- pct=100 specifies how much traffic should be subject to policy validation.
Create a DMARC policy in your DNS settings
Note: If we host your DNS records you can submit a support ticket with your DMARC TXT record and we will get it added to your DNS for you.
Log into your DNS hosting provider and create a TXT record for the record type. Enter the following values, replacing the settings with the value you choose to use:
Destination/Value: v=DMARC1; p=none; rua=mailto:email@example.com
TTL: 3600 seconds or lowest allowed