How to Create and Publish a DMARC Record?
Instructions for Generating Your DMARC Record
The process for generating your DMARC DNS Record is extremely simple if you use an online DMARC record generator tool for this purpose. All you need to do is fill up the following criteria:
- Choose your DMARC policy mode(if you are just starting out with email authentication, we recommend a policy of p=none for you to begin with so you can monitor your email flow)
- Choose the DMARC policy mode for your subdomains ( we recommend you only activate this criterion if you wish to opt for a different policy for your subdomains, else, by default it takes up the same policy as your main domain)
- Type in your desired email addresses wherein you want your DMARC RUA (aggregate) and RUF (Forensic) reports to be delivered to
- Choose your DKIM alignment mode (for strict alignment the DKIM signature in the email header has to match exactly with the domain found in the From header. For relaxed alignment the two domains must share the same organizational domain only)
- Choose your SPF alignment mode (for strict alignment the domain in the Return-path header has to match exactly with the domain found in the From header. For relaxed alignment the two domains must share the same organizational domain only)
- Choose your forensic options (this represents under which circumstances you want to receive your forensic reports)
A typical error-free DMARC record looks something like this:
v=DMARC1; p=none; sp=none; rua=mailto:example@domain.com; ruf=mailto:example@domain.com; fo=1;
The generated record is now to be published in your domain’s DNS on the subdomain: _dmarc.YOURDOMAIN.com
How to Publish Your DMARC Record?
In order to publish your generated DMARC record, you will need to log in to your DNS console and navigate to the specific domain for which you want to configure DMARC.
After navigating to the domain in your DNS management console, you will need to specify the hostname and the resource type. Since DMARC exists in your domain as a DNS TXT record, the resource type for it is TXT, and the hostname to be specified in this case is : _dmarc
Finally, you need to add the value of your DMARC record (the record you generated previously): v=DMARC1; p=none; sp=none; rua=mailto:example@domain.com; ruf=mailto:example@domain.com; fo=1;
Save changes to the whole process and you have successfully configured DMARC for your domain!
NOTE: DNS record propagation in your domain name system may take up to 72 hours depending on your provider.
How to check your DMARC record?
To check your DMARC record you can use an online DMARC record lookup tool to make sure your record is devoid of errors, is functional, and configured properly.
Note that SPF and DKIM alone cannot protect your domain against attacks. To protect your domain, pairing DMARC with SPF and DKIM is your best bet.
What is SPF? Free2 m
Video Introduction to SPF Free1 m 41 s- A Brief History of SPF Free1 m
- How does SPF work? Free2 m
- SPF Tags: Syntax of an SPF Record Explained Free3 m
- How to create and publish SPF records? Free2 m
- SPF Authentication Failures Free3 m
- Video Explanation: SPF PermError Free1 m 39 s
Quiz 430 m
- What is DMARC? Free1 m
- Video Introduction to DMARC Free1 m 15 s
- A Brief History of DMARC Free1 m
- How does DMARC work? Free2 m
- What is DMARC Policy? : None, Quarantine & Reject Free2 m
- Video Explanation: DMARC Policy Free1 m 40 s
- DMARC Tags Free2 m
- DMARC Aggregate (RUA) Reports Free3 m
- DMARC Forensic (RUF) Reports Free2 m
- How to Create and Publish a DMARC Record? Free3 m
- DMARC Authentication Failures Free3 m
- Video Explanation: Why does DMARC Fail? Free1 m 37 s
- Quiz 630 m