Introduction
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism that allows domain owners to establish policies on what mail servers should do when they receive emails sent from the owner's domain. DMARC is built upon two existing standards: DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF)
The main benefit of DMARC is to mitigate the potential abuse of a domain conducted by malicious third parties. Abuse includes: email spoofing, email phishing, email spamming, and cyber-crime.
How to Setup DMARC
Step 1: Cover your Basics First
DMARC is a layer on top of DKIM and SPF. In order to leverage DMARC policies, users must first define policies for DKIM and SPF. If your organization has not yet implemented these two standards, please refer to our DKIM and SPF resource here.
Step 2: Create a DNS Record for DMARC
After users have configured DKIM and SPF, users will need to publish a DNS TXT record for their domain with a name: _dmarc
The value of this DNS record might look something like this:
v=DMARC1; p=none; rua=mailto:dmarc.reports@yourdomain.comIn the above, replace "dmarc.reports@yourdomain.com" with a valid email address from your organization that is able to receive informational or system messages pertaining to DMARC.
|
Please note that in the example policy above, "p = none" represents a monitoring only policy. This is usually the safer option when organizations are unsure about managing their DMARC policy. As time passes, organizations may want to shift towards other policies based on their needs and requirements. For additional guidance on how to construct a policy, please check out this resource: |
Step 3: Create a DNS Record for your eTrigue mail domain
Log into your domain registrar or system that manages DNS records for your domain.
Create a new DNS record using
Type: A Record
Host Name: be
Value: 199.187.170.200Step 4: Create a SPF record for your eTrigue mail domain
Create a SPF record for the subdomain created in Step 3. Use the following value for your SPF record:
v=spf1 mx include:etrgmail.com -allStep 5: Contact eTrigue to Enable DMARC
After users have created the DNS record for DMARC, contact success@etrigue.com (subject line: "DMARC Request") to complete the setup process. Our team will then enable DMARC on your DemandCenter account.
Frequently Asked Questions
I am not an IT person. What do I put for my DMARC policy?
We recommend the following resources to help you determine the restrictiveness of your DMARC policies:
I setup DMARC, but various tests indicate DMARC alignment is failing.
It is likely that your SPF and/or DKIM policies are not configured. Remember, DMARC is an extension to DKIM and SPF. Thus, a successful DMARC alignment requires implementation of both DKIM and SPF.