|How do I create a DMARC record?|
What is DMARC?DMARC is a validation system that - in combination with SPF and DKIM - helps to prevent email impersonation fraud, or spoofing. SPF and DKIM are methods to authenticate an email by checking how it was sent and by who. DMARC then determines what to do with an email that can't be authenticated.
SPF verifies if an email was sent using approved servers.
DKIM adds a digital signature to emails, allowing receiving mail servers to verify the email.
DMARC sets a policy on what to do with emails that fail either SPF or DKIM checks.
For DMARC to be useful, you need to have DKIM and SPF enabled for your domain. DKIM is enabled by default for emails using our servers, and you can check our guide on how to enable SPF.
How does DMARC help?DMARC helps to protect your domain from being used to send phishing and spoofing emails, effectively blocking others from impersonating you, or your company.
In combination with SPF and DKIM, DMARC also shows email providers that you are trustworthy and no scammer. This improves overall deliverability, which can be very useful when sending, for example, newsletters.
Note: DMARC only has effect when sending email. It doesn't affect the spam emails you receive in your own inbox. However, if all email accounts implement these validation methods, in theory, spoofing would no longer be possible.
DMARC policiesWhen you create the DMARC record, you need to choose a policy to determine what happens with emails that fail the DMARC check:
The normal process when selecting policies is to start with "none", then "quarantine" and finally "reject". That way you can first monitor what emails are sent from your domain, then quarantine to test the effect, and finally reject all emails that can't be authenticated.
If you want to follow this procedure, we strongly recommend using an external (paid) service to help you with analysing the reports, such as, Dmarcian, EasyDMARC, or DMARCLY.
If you just want to enable DMARC, we recommend selecting "quarantine". This delivers unauthenticated emails in the spam folder or marks them as suspicious.
DMARC email reportsWhen you create a DMARC record you also need to enter an email address to receive reports. The reports contain an overview in XML of all email traffic from your domain and which mails fail the DMARC check.
There are two types of reports:
We recommend that you create an email account on your domain and use this to receive reports. It's also recommended to get both the RUA and RUF reports.
Note: Not all email providers adhere to DMARC policies, so it's possible that not all mails you sent are listed.
Create a DMARC record on your domainGo to DNS records and create a record of type TXT, so Enter the following details:
Wait a few minutes and check if your record is set up correctly with a DMARC record checker.
|This resource belong to this community unless differently stated.|
No reproduction possible without our agreement, in accordance with article L122-1 of the CPI.