What is DMARC and how does it work?
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a validation system for email that is used to detect and prevent email spoofing.
DMARC ensures that legitimate email is properly authenticated with previously established DKIM and SPF standards. By doing this it will block fraudulent activity appearing to come from domains under the organization’s control, whether they are active sending domains or not.
Why do I need to make use of DMARC?
Google recently made changes pertaining to their criteria for accepting emails requiring that a DMARC record exists in the DNS of the sender's domain. When a DMARC record doesn't exist, the email will be rejected with the following error message:
SMTP error from remote mail server after end of data: 550-5.7.1 This message does not have authentication information or fails to pass 550-5.7.1 authentication checks. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.1 information. v7si1234239wrr.338 - gsmtp
How do I Set DMARC?
1. Generate a DMARC TXT Record for your domain.
The following example will illustrate how a DMARC record can look, and the different fields that are available:
v=DMARC1; p=reject; rua=mailto:email@example.com
Change the “mailto:firstname.lastname@example.org” address to the email address that reports should be sent to.
TXT Data This field will determine how remote servers will process any of your domain’s emails that don’t pass SPF/DKIM validation. The following options are available:
None: “v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400”
Reject: “v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400”
Quarantine: “v=DMARC1; p=quarantine; sp=none; rf=afrf; pct=100; ri=86400”By adding an email address, you can get email reports when DMARC validations fail:None: “v=DMARC1; p=none; sp=none; ruf=mailto:email@example.com; rf=afrf; pct=100; ri=86400″
Reject: “v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ruf=mailto:firstname.lastname@example.org; ri=86400″
Quarantine: “v=DMARC1; p=quarantine; sp=none; ruf=mailto:email@example.com; rf=afrf; pct=100; ri=86400″
Many websites offers a DMARC wizard that only require you to specify your domain name, contact email address and your DMARC policy.
You can perform a Google.com search for "dmarc wizard" or visit any of the following websites:
Once you've created your DMARC Record, copy it for later use.
2. Log in to your Client Area - Click Here.
3. Click on the Domains dropdown menu and click on My Domains.
4. Locate the domain that requires DMARC setup and click on the Active link that is next to it.
5. Click on the "Manage DNS" link that is located in the Manage menu on the left of the page
6. In DNS Manager, click on "Add Record"
7. Create a new DNS record with the following details:
Name : "_dmarc"
Type : TXT
TTL : 3600
RDATA : "<insert your own DMARC Records here>"
Click on "Add Record" to complete the process.
8. If you correctly added the DNS record, then it should appear in the list of DNS records:
Click on "Save Changes"
Kindly note that DNS record change require several hours to propagate and typically take up to 12 hours to reflect.
See our video tutorials, click here.Tags: DKIM & DMARC