DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism that allows to the e-mail senders and receivers to determine or not a given message is legitimately from the sender, and what to do if it isn’t. The DMARC record allows easier to identify spam and/or phishing messages, received in the Customers's mailbox, and to keep them out of there.
Example of DMARC record:
Host | Type | Points to: | TTL |
_dmarc.yourdomain.com | TXT | v=DMARC1;p=reject;pct=100;rua=mailto:mailmaster@postmaster.com | 3600 |
In the example shown above, the sender requests that the receiver outright reject all non-aligned messages and send a report, in a specified aggregate format, about the rejections to a specified address. If the sender was testing its configuration, it could replace “reject” with “quarantine” which would tell the receiver they shouldn’t necessarily reject the message, but consider quarantining it.
DMARC records follow the extensible “tag-value” syntax for DNS-based key records defined in DKIM.
You can see the available tags here:
Tag name | Purpose | Sample |
v | Protocol version | v=DMARC1 |
pct | Percentage of messages subjected to filtering | pct=20 |
ruf | Reporting URI for forensic reports | ruf=mailto:authfail@example.com |
rua | Reporting URI of aggregate reports | rua=mailto:aggrep@example.com |
p | Policy for organizational domain | p=quarantine |
sp | Policy for subdomains of the OD | sp=reject |
adkim | Alignment mode for DKIM | adkim=s |
aspf | Alignment mode for SPF | aspf=r |
To add DMARC, you need to create a TXT record in your DNS Zone. You can see the example below:
DMARC is the latest trend of the email authentication technics. It verifies that the sender's email messages are protected by both SPF and DKIM records. In conclusion, the DMARC authentication is always a good idea.
To add DMARC, go to your DNS zone management page and click on “Add new record”. For "Type" choose "TXT" and type as follows:
*This hostname is used as an example.
ClouDNS provides full support for DMARC records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your DMARC records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.
Question: Where is the option for adding a DMARC record? I cannot see it.
Answer: DMARC can be implemented by adding a TXT record as described in this article.
Question: How can I generate the values for my DMARC record?
Answer: There are plenty of DMARC generators and DMARC wizards on the Internet. You can use any of them.