How to set up DMARC

  • Updated on August 1, 2023

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Note: Ensure that you set up an SPF and DKIM record before going through the steps below.

Create DMARC record

Go to MxToolBox DMARC Record Generator.

  1. Enter the domain name.
  2. Click on Check DMARC Record.
  3. Select None.

Important: Always start with the policy of none, which is reporting mode. After a couple of weeks of monitoring and you are satisfied with the results, adjust the value to quarantine or reject.

  1. Fill in the email address that will receive DMARC reports.
  2. Fill in the email address that will receive DMARC reports.
  3. Select No.
  4. Copy the suggested DMARC record.

Add DMARC record in DNS

Publish the TXT record to the authoritative DNS server for your domain. Instructions on how you can do this will differ from each domain provider. For assistance, please get in touch with your domain provider.

An example of the DMARC record in the domain’s public DNS:

Name:

_dmarc.exoip.com

Value:

v=DMARC1; p=none; rua=mailto:dmarc@exoip.com; ruf=mailto:dmarc@exoip.com; fo=1

You added the DMARC record successfully. Wait a couple of minutes for the DNS to be fully propagated.

Verify DMARC record

An excellent way to verify the DMARC record is to use MxToolBox and fill in the domain.

Note: The warning shows that the DMARC policy is not set as Quarantine or Reject. However, you can ignore that warning because you filled in the policy None for monitoring purposes.

After a couple of weeks of monitoring and you are satisfied with the results, change the policy from none to reject.

v=DMARC1; p=reject; rua=mailto:dmarc@exoip.com; ruf=mailto:dmarc@exoip.com; fo=1

You successfully configured the DMARC record.

Related Posts