Email - How do I add DMARC to my DNS (Google / Gmail fix)?

Andrew Kostiris
2019-09-07 20:35

What is DMARC and how does it work?

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a validation system for email that is used to detect and prevent email spoofing.

DMARC ensures that legitimate email is properly authenticated with previously established DKIM and SPF standards. By doing this it will block fraudulent activity appearing to come from domains under the organization’s control, whether they are active sending domains or not.

 Why do I need to make use of DMARC?

Google recently made changes pertaining to their criteria for accepting emails requiring that a DMARC record exists in the DNS of the sender's domain.  When a DMARC record doesn't exist, the email will be rejected with the following error message:

SMTP error from remote mail server after end of data:
    550-5.7.1 This message does not have authentication information or fails to pass
    550-5.7.1 authentication checks. To best protect our users from spam, the
    550-5.7.1 message has been blocked. Please visit
    550-5.7.1  https://support.google.com/mail/answer/81126#authentication for more
    550 5.7.1 information. v7si1234239wrr.338 - gsmtp
How do I Set DMARC?

1. Generate a DMARC TXT Record for your domain. 

The following example will illustrate how a DMARC record can look, and the different fields that are available:
DMARC Example

v=DMARC1; p=reject; rua=mailto:youremail@exampleaddress.co.za

Change the “mailto:youremail@exampleaddress.co.za” address to the email address that reports should be sent to.


Field Setting
Name _dmarc
TTL 14400
Type TXT
TXT Data This field will determine how remote servers will process any of your domain’s emails that don’t pass SPF/DKIM validation. The following options are available:
None: “v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400”
Reject: “v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400”
Quarantine: “v=DMARC1; p=quarantine; sp=none; rf=afrf; pct=100; ri=86400”By adding an email address, you can get email reports when DMARC validations fail:None: “v=DMARC1; p=none; sp=none; ruf=mailto:youremail@exampleaddress.co.za; rf=afrf; pct=100; ri=86400″
Reject: “v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ruf=mailto:youremail@exampleaddress.co.za; ri=86400″
Quarantine: “v=DMARC1; p=quarantine; sp=none; ruf=mailto:youremail@exampleaddress.co.za; rf=afrf; pct=100; ri=86400″

Many websites offers a DMARC wizard that only require you to specify your domain name, contact email address and your DMARC policy.

You can perform a Google.com search for "
dmarc wizard" or visit any of the following websites:
https://www.unlocktheinbox.com/dmarcwizard/
https://mxtoolbox.com/DMARCRecordGenerator.aspx
https://dmarcian.com/dmarc-record-wizard/
Once you've created your DMARC Record, copy it for later use.

2.  Log in to your Client Area - Click Here.

3.  Click on the Domains dropdown menu and click on My Domains.



 4. Locate the domain that requires DMARC setup and click on the Active link that is next to it.

 5.  Click on the "Manage DNS" link that is located in the Manage menu on the left of the page

 6. In DNS Manager, click on "Add Record"

 7.  Create a new DNS record with the following details:
Name : "_dmarc"
Type : TXT
TTL : 3600
RDATA : "<insert your own DMARC Records here>"

Click on "Add Record" to complete the process.



8. If you correctly added the DNS record, then it should appear in the list of DNS records:


Click on "Save Changes"

 Kindly note that DNS record change require several hours to propagate and typically take up to 12 hours to reflect.

See our video tutorials, click here.

Tags: DKIM & DMARC
Average rating: 0 (0 Votes)

You can comment this FAQ