What is DMARC?
Last Updated :
28 Jul, 2021
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance” is an email authentication, policy, and reporting protocol that operates alongside Sender Policy Framework(SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message. DMARC protects organizations from Business Email Cyberattacks, it also allows them to receive DMARC reports from mail service providers.
How to Create DMARC Record?
You can use the DMARC Record Generator tool to create a customized DMARC record with a few simple steps:
1. Go to EasyDMARC free DMARC Record Generator tool
Dmarc Record Generator on EasyDMARC
2. Select the Policy type (choose from “none”, “quarantine”, and “reject”).
Common DMARC policies
- Nothing or None: This means that an email will be treated the same as if DMARC was not set up. A message can still be delivered, placed in the inbox, spam, or discarded. The option usually watches the environment, used in report analyses without affecting delivery methods.
- Quarantine: The option allows an email but does not make it to the inbox. These messages usually go straight to spam when the DMARC check fails.
- Reject: Discards any messages that fail the DMARC check immediately.
3. Choose your Aggregate reporting address (for instance mailto:example@easydmarc.com).
Aggregate reporting address
4. Select a Subdomain policy type (again, choose from “none”, “quarantine”, and “reject”).
5. Next, select SPF identifier alignment (can be chosen either “relaxed” or “strict”).
6. Choose DKIM identifier alignment (can be chosen either “relaxed” or “strict”).
DKIM identifier alignment
7. Write down the Percentage applied for your DMARC policy (the percentage of messages from the domain owner mainstream to which the DMARC policy is applied, the default is 100).
The percentage applied for your DMARC policy
8. Also, choose the Reporting interval (the requested interval in seconds between aggregate reports, the default is 86400).
Reporting interval
9. Choose your Failure reporting address (for instance mailto:example@easydmarc.com).
Failure reporting address
10. And lastly, pick out Failure reporting options (controls the type of reports that are sent out).
Failure reporting options
11. Once the tags are customized, click on the button that says “Generate DMARC Record” on the bottom.
Generate DMARC Record
12. Your DMARC record is created!
DMARC record created on EasyDMARC
There are different types of DMARC tags and all DMARC tags are divided into optional and required tags.
|
Tag Name
|
Purpose
|
Sample
|
| v |
Protocol Version |
v=DMARC1 |
| p |
Policy for organizational domain |
p=quarantine |
| ruf |
Reporting URI for forensic reports |
ruf=mailto:authfail@example.com |
| rua |
Reporting URI of aggregate reports |
rua=mailto:aggrep@example.com |
| pct |
Percentage of messages subjected to filtering |
pct=20 |
| sp |
Policy for subdomains of the OD |
sp=reject |
| adkim |
Alignment mode for DKIM |
adkim=s |
| aspf |
Alignment mode for SPF |
aspf=r |
Required tags
- Version (“v”): Must take the value DMARC1 (e.g v=DMARC1). The entry will be ignored otherwise.
- Policy (“p”): Policy for receiving messages. Determines the policy for the domain and subdomains.
Optional tags
- RUA Report Email Address (rua): Addresses for sending Aggregated reports, separated by commas. It is possible to specify mailto: links for sending reports by mail.
- RUF Report Email Address (ruf): Addresses to submit Failure reports, separated by commas. Specifying this tag implies that the owner requires recipient servers to send detailed reports on every message that fails DMARC validation.
- Percentage (pct): It specifies the number of emails to be filtered, indicated as a percentage. For example, “pct = 20” will filter 20% of emails.
- Subdomain Policy (sp): This tag represents the requested handling policy for subdomains.
- ADKIM Tag (adkim): DKIM record authentication check. It can take the value Relaxed “r”, or Strict “s”. The default is “r”
In relaxed mode, if the DKIM record being verified belongs to the domain d=example.com, and the message is sent from email@news.example.com, the verification will pass. In the strict mode, the check will be passed only if the sending comes from an address on the example.com domain. Subdomains will not pass validation.
How to implement DMARC with EasyDMARC
1. Identify your domains
Identify all the domains that you own. This means all the domains from which emails are sent on your company’s behalf including “look-alike” or “cousin” domains and any inactive/parked domains.
2. Add your domain(s)
Register an account at EasyDMARC and add your domain(s)
The system automatically will forward you to the Add Domain page after the registration.
3. Generate the DMARC record for your domains
As you add your domain, we automatically generate DMARC Record for you.
The same DMARC record applies to all the domains under one account.
4. Publish the generated DMARC Record in your DNS
How to add the DMARC record in DNS?
Here is an example of a published record in the Cloudflare DNS
published DMARC record in the Cloudflare DNS
Note that the Name section of the TXT record should be _dmarc
Once the TXT record is saved in the DNS, use the DMARC record lookup tool on the EasyDMARC website to ensure the record is set up correctly.
Ensuring DMARC is setup correctly
When the DMARC status is shown the green color, that indicates the record is set up correctly.
Like Article
Suggest improvement
Share your thoughts in the comments
Please Login to comment...