- What is DMARC?
- Why is DMARC important?
- How does DMARC work?
- How to set up DMARC?
- What to write in DMARC settings
- Which DMARC policy to choose
- Free DMARC Record Generator
What is DMARC and Why is it Important?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps protect users from spam and phishing emails. It works by telling email servers what to do with emails that fail authentication checks.
Why is DMARC important?
DMARC is important because it helps to protect users from spam and phishing emails. These emails can be used to steal personal information, such as logins, passwords, and credit card numbers. DMARC can also help to improve the deliverability of your emails by ensuring that they are not blocked by spam filters.
How does DMARC work?
DMARC is a protocol that tells the receiving server what to do with a message that fails the DKIM and SPF checks.
SPF identifies authorized servers that can send emails from a specific domain, while DKIM cryptographically signs emails, allowing verification of their origin.
When an email arrives, the receiving server checks it against the domain's SPF record and verifies its DKIM signature. If both checks fail, the DMARC policy dictates how the email should be handled. The policy options are:
- None: With a None policy, you ask the email receiver to take no action on these emails. The email still goes into the receiver's inbox, and you can use the data in the DMARC reports to start analyzing who is sending emails on your behalf.
- Quarantine: With a Quarantine policy, you tell email receivers to put these emails in special ‘quarantine’ folders such as the junk/spam folder. You still analyze all the data, check who is sending email on behalf of your domain, and confirm whether they are allowed to.
- Reject: The Reject policy instructs email receivers to reject emails that fail DMARC authentication. While this ensures maximum security, it's crucial to whitelist authorized senders to avoid blocking their emails.
How to set up DMARC?
- Go to your website's hosting control panel.
- Find DNS records management in the settings.
- Enter a new DMARC TXT record. A TXT record is a type of DNS record in text format that tells external sources what to do. We have listed the most common entries in the examples below. You can copy the entry from there.
- Save your changes.
What to write in DMARC settings
DMARC tags are either required or optional. The required ones are v=DMARC1 and p= with the policy value.
"v=DMARC1; p=none"
- v=DMARC1 — version of the DMARC protocol, must be 1.
- p=: Specifies the Requested Mail Receiver Policy, which determines how to handle emails that fail authentication checks. The policy can have three values:
  - none: Take no special action.
  - quarantine: Send emails to the spam folder.
  - reject: Do not deliver the email at all.
In addition to the required tags, you can specify additional optional tags to fine-tune your DMARC settings. Here are some common optional tags:
- aspf and adkim: Set how strictly SPF and DKIM authentication is checked. Values can be "r" (relaxed) for soft checking or "s" (strict) for strict checking.
- pct: Specifies the percentage of emails to which the DMARC policy should be applied. If not specified, all emails will be filtered. For example, "pct=20" means apply the DMARC policy to only 20% of emails.
- sp: Defines a subdomain policy for specific subdomains within your domain. Each subdomain can have its own DMARC policy.
- rua: Specifies an email address to receive daily aggregated DMARC reports. These reports provide insights into email authentication activity from your domain.
- rf: Instructs email servers to send reports if an email fails authentication checks.
- fo: Defines failure reporting options, that is, which authentication failures trigger a report. Values can be:
  - fo=0: Default option. Send a report if none of the authentication steps are passed.
  - fo=1: Send a report if at least one authentication stage is not passed.
  - fo=d: Send a report if DKIM authentication fails.
  - fo=s: Send a report if SPF authentication fails.
As you gain experience with DMARC and understand your email authentication needs, you can adjust these optional tags to refine your policy and enhance email security.
Which DMARC policy to choose
The ideal DMARC policy depends on your specific situation. If you're new to DMARC, consider starting with the "none" policy to observe its impact without affecting email delivery. Once you're comfortable, you can transition to a stricter policy like "quarantine" or "reject."
DMARC is a great tool for tracking email deliverability and understanding how ISPs receive and process your emails. Based on this, you can improve deliverability and reclaim 5% or more of your base that may not receive emails for technical reasons.
Free DMARC Record Generator
We're excited to introduce our new DMARC Record Generator tool at Warmy! Now, generating your DMARC record is as easy as completing 4 simple steps:
- Enter your domain
- Choose your ESP or email outreach tools
- Specify the email address below to receive your newly generated DMARC record
- Get your DMARC value