How to set up DMARC policy record

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email sender authentication policy based on the DKIM and SPF protocols. This policy determines how the recipient's email server should process incoming emails whose sender address cannot be authenticated.

Why is DMARC important

The DMARC policy protects domain owners from the harmful effects of fraudulent activities. Sometimes attackers send fraudulent emails from the domain names of reputable companies. Recipients mark fraudulent emails as spam, and as a result, the reputation of the domain from which they originated suffers.

How does DMARC work

When an email is sent from a domain, the recipient's email server verifies whether or not the email address in the "From" line matches the SPF record and DKIM signature. If it does, the email is sent to the recipient’s inbox. If the email fails the authentication checks, it is processed according to the selected DMARC policy:

none: The email is delivered to the recipient's inbox. The domain name owner receives a report about such messages and can analyze who sends them and whether they are allowed to do so.
quarantine: The recipient's email server moves the email to the spam folder, and domain owners continue to analyze the data.
reject: Emails that do not pass the DMARC check are rejected and not delivered at all. If you set up this type of policy, make sure that third parties who are allowed to send messages from your domain are added to the whitelist. Otherwise, their emails will also be rejected. This also applies to CRM systems and email service providers.

You can check whether a DMARC policy is used for your domain with URIports, and dmarcian will show the details of DMARC records for any domain.

Email campaigns and DMARC policy

Some free email clients, such as AOL and Yahoo, use DMARC policies to prohibit email campaigns from third-party email service providers. Therefore, SendPulse, like other email service providers, limits sending email campaigns from addresses with such domain names.

We recommend registering your domain and setting up an email address for it. You can also use an email client that has not yet implemented a DMARC policy. But such a solution does not guarantee the delivery of emails to recipients, and they can still land in the spam folder.

How to set up DMARC

  1. Review the emails sent from your domain, including system emails from servers and other equipment, email delivery reports (DSN and NDR), internal mailing lists, and the like, and add all legitimate email addresses to the whitelist.
  2. Configure the SPF and DKIM records for the required domain.
  3. In the DNS zones management section of the domain, publish a DMARC record with the policy set to none.
  4. Analyze the data and change the DMARC policy flags from none to quarantine or reject, depending on how you want the messages from unauthorized senders to be processed by the recipient server.

Record example:

v=DMARC1;p=reject;rua=mailto:example@domain.com;ruf=mailto:email@domain.com;fo=s

Where:

v: The protocol version, equal to DMARC1. This parameter should be the first one in the record and means that this record defines the DMARC policy.
p: The email processing policy. It is set to none, quarantine, or reject.
rua: An email address to receive reports of failed authentication checks. Since each error generates a separate report, it is better to specify a separate mailbox for them.
fo: Determines when the reports will be sent to the domain owner.

Possible fo values:

0: the report is sent if both the SPF and DKIM checks fail. It is the default value.
1: the report is sent if one of the checks fails, either SPF or DKIM.
d: the report is sent for each failed DKIM key verification.
s: the report is sent for each failed SPF check.
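A small linter for the record format described above, as an added example (not SendPulse's code): it checks that v=DMARC1 comes first, that p and fo use the values listed on this page, and that rua entries are mailto: addresses. The function names are hypothetical; treating fo as a colon-separated list and rua as a comma-separated list follows RFC 7489.

```python
# Added example: lint a DMARC TXT record against the rules described on this page.
VALID_POLICIES = {"none", "quarantine", "reject"}
VALID_FO = {"0", "1", "d", "s"}


def parse_dmarc(record):
    """Split 'tag=value;tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag (no '='): {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def lint_dmarc(record):
    """Return a list of findings; an empty list means no problems were found."""
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    tags = dict(pairs)
    if len(tags) != len(pairs):
        findings.append("duplicate tag in record")
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append(f"p must be none, quarantine or reject, got {policy!r}")
    for addr in filter(None, tags.get("rua", "").split(",")):  # comma-separated (RFC 7489)
        if not addr.strip().lower().startswith("mailto:"):
            findings.append(f"rua address is not a mailto: URI: {addr.strip()!r}")
    fo_values = tags.get("fo", "0").split(":")  # "0" is the default; colon-separated list
    bad_fo = [v for v in fo_values if v.strip().lower() not in VALID_FO]
    if bad_fo:
        findings.append(f"unknown fo value(s): {bad_fo}")
    if policy == "none" and not tags.get("rua"):
        findings.append("p=none without rua: monitoring stage produces no reports")
    return findings


PAGE_RECORD = "v=DMARC1;p=reject;rua=mailto:example@domain.com;ruf=mailto:email@domain.com;fo=s"
print(lint_dmarc(PAGE_RECORD))
```

Running the linter on a record before publishing it in the DNS zone catches misspelled policy values and misplaced tags, which receivers would otherwise silently ignore.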
