DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism that allows domain owners to establish policies on what mail servers should do when they receive emails sent from the owner's domain. DMARC is built upon two existing standards: DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF)
The main benefit of DMARC is to mitigate the potential abuse of a domain conducted by malicious third parties. Abuse includes: email spoofing, email phishing, email spamming, and cyber-crime.
How to Setup DMARC
Step 1: Cover your Basics First
DMARC is a layer on top of DKIM and SPF. In order to leverage DMARC policies, users must first define policies for DKIM and SPF. If your organization has not yet implemented these two standards, please refer to our DKIM and SPF resource here.
Step 2: Create a DNS Record for DMARC
After users have configured DKIM and SPF, users will need to publish a DNS TXT record for their domain with a name: _dmarc
The value of this DNS record look something like this:
v=DMARC1; p=none; rua=mailto:firstname.lastname@example.org
In the above, replace "email@example.com" with a valid email address from your organization that is able to receive informational or system messages pertaining to DMARC. For example, you could specify an email address from your Information Technology department.
Please note that in the example policy above, "p = none" represents a monitoring only policy. It is recommended that organizations review all available policies, or apply a more restrictive policy model based on the organization's needs and requirements.
For guidance on determine DMARC policies, we recommend this resource: https://www.dmarcanalyzer.com/dmarc/create-dmarc-record/
Step 3: Create a DNS Record for your mail domain
Create a DNS resource record for your subdomain. The name, type and values are as follows:
Type: A Record
Host Name: be
For example, if you are sending mail from @yourdomain.com, then you would create a DNS A Record for be.yourdomain.com with the value of 126.96.36.199.
Step 4: Contact eTrigue to Enable DMARC
After users have created the DNS record for DMARC, contact firstname.lastname@example.org (subject line: "DMARC Request") to complete the setup process. Our team will then enable DMARC on your DemandCenter account.
Frequently Asked Questions
I am not an IT person. What do I put for my DMARC policy?
We recommend checking out the following resources:
I setup DMARC, but various tests indicate DMARC alignment is failing.
It is likely that your SPF and/or DKIM policies are not configured. Remember, DMARC is an extension to DKIM and SPF. Thus, a successful DMARC alignment requires implementation of both DKIM and SPF.