How to set up DMARC policy record
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email sender authentication policy based on the DKIM and SPF protocols. This policy tells the recipient's email server how to process incoming emails whose sender address cannot be authenticated.
Why is DMARC important
The DMARC policy protects domain owners from the harmful effects of fraudulent activities. Sometimes attackers send fraudulent emails from the domain names of reputable companies. Recipients mark fraudulent emails as spam, and as a result, the reputation of the domain from which they originated suffers.
How does DMARC work
When an email is sent from a domain, the recipient's email server verifies whether or not the email address in the "From" line matches the SPF record and DKIM signature. If it does, the email is sent to the recipient’s inbox. If the email fails the authentication checks, it is processed according to the selected DMARC policy:
| Policy | How the recipient's server processes the email |
|---|---|
| none | The email is delivered to the recipient's inbox. The domain owner receives a report about such messages so they can analyze who sends them and whether those senders are allowed to do so. |
| quarantine | The recipient's email server moves the email to the spam folder, and domain owners continue to analyze the data. |
| reject | Emails that do not pass the DMARC check are rejected and not delivered at all. If you set up this type of policy, make sure that third parties who are allowed to send messages from your domain are added to the whitelist. Otherwise, their emails will also be rejected. This also applies to CRM systems and email service providers. |
You can check whether a DMARC policy is used for your domain with URIports, and dmarcian will show the details of DMARC records for any domain.
Email campaigns and DMARC policy
Some free email clients, such as AOL and Yahoo, use DMARC policies to prohibit email campaigns from third-party email service providers. Therefore, SendPulse, like other email service providers, limits sending email campaigns from addresses with such domain names.
We recommend registering your own domain and setting up an email address on it. You can also use an email client that has not yet implemented a DMARC policy, but such a solution does not guarantee the delivery of emails to recipients, and they can still land in the spam folder.
How to set up DMARC
- Review the emails sent from your domain, including system emails from servers and other equipment, email delivery reports (DSN and NDR), internal mailing lists, and the like, and add all legitimate email addresses to the whitelist.
- Configure the SPF and DKIM records for the required domain.
- In the DNS zones management section of the domain, publish a DMARC record with the policy set to none.
- Analyze the data and change the DMARC policy flag from none to quarantine or reject, depending on how you want the messages from unauthorized senders to be processed by the recipient server.
Record example:
v=DMARC1;p=reject;rua=mailto:example@domain.com;ruf=mailto:email@domain.com;fo=s
Where:
| Parameter | Description |
|---|---|
| v | A protocol version, equals DMARC1. This parameter should be the first one in the record and means that this record defines the DMARC policy. |
| p | The email processing policy. It is set to none, quarantine, or reject. |
| rua | An email address to receive reports of failed authentication checks. Since each error generates a separate report, it is better to specify a different email box for them. |
| fo | Determines when the reports will be sent to the domain owner. Possible |
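As an added example (not SendPulse's code), the Python checker below parses a DMARC record like the one above and flags the mistakes this article describes: a `v` tag that is not first, an invalid `p` value, a record left at the monitoring stage, and report addresses that are missing or malformed. The function names and the two faulty records are constructed for illustration, and the list of valid `fo` options is taken from RFC 7489, not from this page.

```python
import re

POLICIES = {"none", "quarantine", "reject"}   # values of p listed on this page
FO_OPTIONS = {"0", "1", "d", "s"}             # assumption: fo options per RFC 7489

def parse_dmarc(record):
    """Split a DMARC TXT record into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue                          # tolerate a trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(record):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)]
    tags, findings = dict(pairs), []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append("p must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    for tag in ("rua", "ruf"):
        for uri in filter(None, re.split(r"\s*,\s*", tags.get(tag, ""))):
            if not uri.lower().startswith("mailto:"):
                findings.append(f"{tag} address is not a mailto: URI: {uri}")
    if "rua" not in tags and "ruf" not in tags:
        findings.append("no rua or ruf address, so no reports will be received")
    bad_fo = set(tags.get("fo", "0").split(":")) - FO_OPTIONS
    if bad_fo:
        findings.append(f"unknown fo option(s): {sorted(bad_fo)}")
    return findings

# The record from this page, then two constructed records with mistakes.
PAGE_RECORD = ("v=DMARC1;p=reject;rua=mailto:example@domain.com;"
               "ruf=mailto:email@domain.com;fo=s")
if __name__ == "__main__":
    for rec in (PAGE_RECORD, "v=DMARC1; p=none", "p=reject; v=DMARC1; rua=a@b.example"):
        print(rec, "->", check_dmarc(rec) or "ok")
```

Run it against the TXT value you are about to publish at `_dmarc.<your domain>` before saving the DNS change.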
Last Updated: 14.12.2023