
DMARC Configuring

DMARC Configuring for Domain Protection: Manual Implementation

Step 1: Create a DMARC Record

A DMARC record is a TXT record that is added to your DNS zone file. Because it is a TXT record, the data format is very simple. A DMARC record looks like this:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

DMARC Record Syntax and Tags Explained

Here are all the available DMARC tags that a domain owner can specify in their DMARC record:

| DMARC Tag | Type | Default value | What it means |
|---|---|---|---|
| v | mandatory | | The v tag represents the DMARC protocol version and always has the value v=DMARC1. |
| pct | optional | 100 | This tag represents the percentage of emails to which the policy mode is applicable. |
| p | mandatory | | This tag sets the DMARC policy mode. You can select from reject, quarantine, and none. |
| sp | optional | The policy mode configured for your main domain (p) | The sp tag specifies the subdomain policy: it defines a policy mode for your subdomains. Learn more about the DMARC sp tag to understand when you should configure it. |
| rua | optional but recommended | | The rua tag specifies the email address or web server to which reporting organizations are to send their DMARC aggregate (RUA) report. Example: rua=mailto:ruaaddress@example.com; |
| ruf | optional but recommended | | Similarly, the ruf tag specifies the address to which the DMARC forensic (RUF) report is to be sent. Currently, not every reporting organization sends forensic data. Example: ruf=mailto:rufaddress@example.com. |
| fo | optional | 0 | The fo tag sets the failure/forensic reporting options domain owners can choose from. If you have not enabled ruf for your domain, you can ignore this. The available options are: 0: a DMARC failure/forensic report is sent to you if your email fails both SPF and DKIM alignment; 1: a DMARC failure/forensic report is sent to you when your email fails either SPF or DKIM alignment; d: a DKIM failure report is sent if the email's DKIM signature fails validation, regardless of the alignment; s: an SPF failure report is sent if the email fails SPF evaluation, regardless of the alignment. |
| aspf | optional | | This tag stands for the SPF alignment mode. The value can be either strict (s) or relaxed (r). |
| adkim | optional | | Similarly, the adkim tag stands for the DKIM alignment mode, the value of which can be either strict (s) or relaxed (r). |
| rf | optional | afrf | The rf tag specifies the format used for forensic reporting. |
| ri | optional | 86400 | The ri tag sets the time interval in seconds between two consecutive aggregate reports sent by the reporting organization to the domain owner. |

Step 2: Create a DNS TXT Record in your DNS

Next, you have to create a DNS TXT record that enables DMARC. To do this, you’ll need to log in to your domain registrar’s website and follow these steps:

  1. Navigate to the DNS section of your domain registrar’s website.
  2. Create a new TXT record.
  3. In the Host Value box, enter _dmarc.
  4. In the TXT Value box, enter the DMARC record you created in Step 1.
  5. Save the record.

Step 3: Validate the DMARC setup

After you configure DMARC for your domain, you can use an online DMARC Lookup Tool to validate your setup. This tool will show you all of the information about your domain’s DMARC record and whether it has been implemented correctly.
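
The record text can also be checked locally before or after it is published. The following Python checker is an added example, not code from the course: it applies the tag table from Step 1 (mandatory tags, defaults, allowed values) to a DMARC TXT value. The function names and sample records are constructed for illustration; the rules that v=DMARC1 comes first and that multiple fo options are colon-separated are taken from the DMARC specification rather than from this page.

```python
# Added example: offline checker for a DMARC TXT value, based on the tag table in Step 1.
DEFAULTS = {"pct": "100", "fo": "0", "rf": "afrf", "ri": "86400"}  # defaults from the table
POLICIES = {"none", "quarantine", "reject"}
KNOWN = {"v", "p", "sp", "pct", "rua", "ruf", "fo", "aspf", "adkim", "rf", "ri"}

def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(txt):
    """Return (effective_tags, problems) for one DMARC TXT value."""
    pairs, problems = parse_dmarc(txt), []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must start with v=DMARC1")
    tags = dict(DEFAULTS)
    for tag, value in pairs:
        if tag not in KNOWN:
            problems.append(f"unknown tag: {tag}")
        tags[tag] = value
    if tags.get("p") not in POLICIES:
        problems.append("p must be none, quarantine or reject")
    if "sp" in tags and tags["sp"] not in POLICIES:
        problems.append("sp must be none, quarantine or reject")
    tags.setdefault("sp", tags.get("p"))  # sp inherits the main-domain policy
    if not (tags["pct"].isdecimal() and int(tags["pct"]) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    for mode in ("aspf", "adkim"):
        if mode in tags and tags[mode] not in ("r", "s"):
            problems.append(f"{mode} must be r (relaxed) or s (strict)")
    if not set(tags["fo"].split(":")) <= {"0", "1", "d", "s"}:
        problems.append("fo options are 0, 1, d and s")
    if "rua" not in tags:
        problems.append("no rua: aggregate reports will not be delivered")
    if "fo" in dict(pairs) and "ruf" not in tags:
        problems.append("fo is set but ruf is not, so fo has no effect")
    return tags, problems

# Constructed sample records (the example.com addresses are placeholders).
GOOD = "v=DMARC1; p=reject; rua=mailto:ruaaddress@example.com; ruf=mailto:rufaddress@example.com"
BAD = "p=rejct; v=DMARC1; pct=150; fo=1"

if __name__ == "__main__":
    for record in (GOOD, BAD):
        print(record, "->", check_dmarc(record)[1])
```

An empty problem list means the text is well formed; it does not show that the record is published at _dmarc under your domain, which still requires a DNS lookup.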

Wait For Your DMARC Record To Propagate

After you publish your DMARC record, you will have to wait for it to propagate.

How long propagation takes depends on the DNS server that hosts your domain name.

  • This process can take up to 48 hours.
  • But if you are using Cloudflare as your DNS provider, it can be done in a few minutes.

Now that you are done with DMARC configuring for domain protection, it’s time to verify that your settings are working correctly using the DMARC record lookup tool. 

And that’s it! You have successfully configured DMARC for domain protection.

Things You Need To Know for optimal DMARC Configuring

1. It’s important to note that DMARC doesn’t provide any direct defense against these types of attacks, but rather it helps your email provider see if you are trying to stop them. DMARC works by creating a digital signature in your domain’s DNS records that tells receiving mail servers how they should handle incoming emails from your domain.

2. If you have DMARC set up correctly and someone tries to send spoofed emails from your domain, the receiving server will reject them because of their non-matching signatures.

3. To set up DMARC, you must first create a TXT record in your domain’s DNS settings and configure it to point at an email address where the receiver will send reports on messages that fail authentication checks.

Once you have done this, you can then add additional instructions in the record that tell the receiver how to handle failed messages.

For example, if you wanted all emails from your domain with an invalid SPF record or DKIM signature to be sent directly to your junk mail folder, those instructions would be included in your DMARC record.

4. For DMARC to work properly, you must set up at least one of the two protocols, SPF or DKIM.

  • SPF (Sender Policy Framework) tells the receiving server what domain it should expect the email to come from.
  • DKIM (DomainKeys Identified Mail) is a method of digitally signing your emails to verify the authenticity of the sender.   

5. Several online tools let you check your DMARC record: enter your domain name and click “Lookup” to verify your DMARC settings.
