What is DMARC and Why is it Important

clock
DMARC

DMARC is an email authentication, reporting, and policy conformance protocol that can safeguard users from spoofing and phishing. It also helps in building a sound domain reputation. Let's dive in to learn more about DMARC.

Table of contents

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. DMARC is a standard email authentication protocol that helps you take an authoritative action in case DKIM/SPF fails.

DMARC performs the following functions:

  • Adds linkages to the author’s ("From") domain name.

  • Publishes policies for handling the authentication failures on the part of the recipients.

  • Reports from receivers to senders.

  • Monitors and improvises the domain protection from fraudulent emails.

An organization can easily incorporate the DMARC protocol into its existing inbound email authentication process. It ensures the email message aligns with the receiver's knowledge regarding the sender. In case it doesn't match, then proper guidelines are there to handle such non-aligned messages.

Why DMARC?

The importance of DMARC is deeply tied to email security and deliverability. The major benefits for which you should set up DMARC are as follows:

  • DMARC provides robust email authentication reporting.

  • The protocol reduces the phishing practices that are the delivery of fraudulent emails in the recipient's inbox. It further minimizes the false positives.

  • With the help of the DMARC protocol, ISPs or internet service providers can identify spammers quickly. Therefore, it prevents any malicious emails from reaching recipients' inboxes.

  • DMARC tends to replace ADSP (Author Domain Signing Practices) by assisting in various other aspects such as subdomain policies (wildcarding), non-existent subdomains, slow rollout (such as percentage experiments), SPF or, quarantining mail.

  • Working at the internet-scale DMARC helps to avoid unnecessary complexities and makes way for more transparency.

  • DMARC solves the problem of spammers using your domain name to send emails.

How DMARC safeguards your domain from phishing

The DMARC uses both the Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) to determine an email's authenticity. It helps in reducing email malpractices to a great extent.

Who can use DMARC?

The public Domain Name System (DNS) consists of the DMARC policies. These policies are available for everyone. There are no licensing or other restrictions with the specification that is issued. Any interested party can implement it freely.

How to set up DMARC?

The implementation of DMARC policy on your domain name involves a set of processes. Here, changes are made in the DNS records at the domain registrar. Then, an optimal configuration takes place at the end of email providers to send the signed emails.

Basic steps included in the execution process are as follows:

  • Set up SPF on the envelope domain.
  • Set up DKIM on the sender domain.
  • Add the DMARC record.
  • Test and verify (preferably set the policy to none at this stage).

Conditions for DMARC to pass :

The sender domain must pass DKIM. The envelope domain must pass SPF. Or the sender domain is a sub-domain of the envelope domain or vice versa.

How to add a DMARC record to your DNS provider?

After setting up SPF and DKIM properly, the DMARC policy will be tested and verified. For this, the DMARC record must be added to your domain's DNS settings.

Here's how you can set up the DMARC DNS:

1. Visit your DNS hosting provider

Firstly, you have to log in to your DNS hosting provider. Different servers have different interfaces. You can also go to the manage/configure DNS settings option. Once logged in, check for the 'Creating a new record' prompt.

2. Create a new DMARC record

Search for the ‘TXT’ section to create and edit a new record.

3. Enter values

Fill in values for the following fields:

  • Host/Name: Input the value ‘_DMARC’ in this column. In case, you are entering a DMARC record for a subdomain, then put in ‘_dmarc.subdomain’. The hosting provider will add the domain or subdomain after the value respectively.

  • Record Type: Here, you have to select the ‘TXT’ DNS record option from the drop-down list.

  • Value: Every DMARC record requires two tag-value pairs. First is "v" and second, "p". The former "v" has only one tag-value pair that is provided as v=DMARC1. For the "p" tag pair, three options are usually available, ‘none’, ‘quarantine’, or ‘reject’. The entry of these tag-value pairs will be: ‘p=none’; ‘p=quarantine’ or, ‘p=reject’.

4. Tap on Create/Save

Click on create/save option to generate and submit the DMARC record.

5. Validate Record

The step involves direct testing of the new DMARC record. Check and verify the syntax and values added are working correctly. Test all the defined policies to ensure they are performing as required. Hence, there's no scope for any legitimate email to get blocked.

Following is an example of a DMARC record:

_dmarc.yourdomain IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"

The three (3) tags are: v, p, & rua, and the three (3) values are DMARC1, none, and mailto:dmarc@yourdomain.com. The "v" tag is the version of DMARC, the "p" tag is the policy (meaning what action to take if the message fails DMARC), and the "rua" tag is the email address to send DMARC aggregate reports to.

Keep monitoring the overall performance to understand the logistics of the email domains and generate better results.

What is DMARC Policy?

The DMARC policy specifies how the SPF and DKIM will be dealt with and handled by the email servers. It gives the domain administrators the reporting mechanism to identify any email failure or spoofing attempt on the domain. A report by IETF Datatracker explains how it’s done.

DMARC for AMP Email approval from Email Clients

If you want to send out interactive AMP emails, you will have to get whitelisted with Yahoo Mail, Gmail, and Mail.ru. These are the only 3 email clients which support AMP emails. For a successful whitelisting of your sender address, you will have to set up DMARC for your domain.

Mailmodo helps you to set up DMARC

With Mailmodo, you can easily set up DMARC and start sending out interactive AMP emails. The Mailmodo team assists you in incorporating the DMARC to protect your company's domain name easily and reap the benefits of interactive AMP emails.

Latest Articles

article

What Is Email Design Layout and Some Popular Layouts to Use in Your Emails

mailmodo-arrow-right
article

What Is a Suppression List And What to Include in It to Protect Your Sender's Reputation

mailmodo-arrow-right
article

14 Email Design Best Practices to Ramp up Your Email Game in 2021

mailmodo-arrow-right