DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism that allows domain owners to establish policies on what mail servers should do when they receive emails sent from the owner's domain. DMARC is built upon two existing standards: DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF)
The main benefit of DMARC is to mitigate the potential abuse of a domain conducted by malicious third parties. Abuse includes: email spoofing, email phishing, email spamming, and cyber-crime.
How to Setup DMARC
Step 1: Cover your Basics First
DMARC is a layer on top of DKIM and SPF. In order to leverage DMARC policies, users must first define policies for DKIM and SPF. If your organization has not yet implemented these two standards, please refer to our DKIM and SPF resource here.
Step 2: Create a DNS Record for DMARC
After users have configured DKIM and SPF, users will need to publish a DNS TXT record for their domain with a name: _dmarc
The value of this DNS record might look something like this:
v=DMARC1; p=none; rua=mailto:email@example.com
In the above, replace "firstname.lastname@example.org" with a valid email address from your organization that is able to receive informational or system messages pertaining to DMARC. For example, you could specify an email address from your Information Technology department.
Please note that in the example policy above, "p = none" represents a monitoring only policy. It is recommended that organizations review all available policies, or apply a more restrictive policy model based on their needs and requirements.
For guidance on determine DMARC policies, here is a recommended resource:
Step 3: Create a DNS Record for your eTrigue mail domain
Create a DNS resource record for your subdomain. The name, type, and values are as follows:
Type: A Record
Host Name: be
For example, suppose Company X will be sending email from @yourdomain.com, then Company X would setup a DNS A Record that is be.yourdomain.com with a value of 126.96.36.199.
Step 4: Create a SPF record for your eTrigue mail domain
Create a SPF record for the subdomain created in Step 3. Use the following value for your SPF record:
v=spf1 mx include:etrgmail.com -all
Step 5: Contact eTrigue to Enable DMARC
After users have created the DNS record for DMARC, contact email@example.com (subject line: "DMARC Request") to complete the setup process. Our team will then enable DMARC on your DemandCenter account.
Frequently Asked Questions
I am not an IT person. What do I put for my DMARC policy?
We recommend the following resources to help you determine the restrictiveness of your DMARC policies:
I setup DMARC, but various tests indicate DMARC alignment is failing.
It is likely that your SPF and/or DKIM policies are not configured. Remember, DMARC is an extension to DKIM and SPF. Thus, a successful DMARC alignment requires implementation of both DKIM and SPF.