Skip to main content
What is DMARC?

DMARC stands for Domain-Based Message Authentication, Reporting, and Conformance and its purpose is to decrease instances of email misuse.

Weronika Wróblewska avatar
Written by Weronika Wróblewska
Updated over 9 months ago

IN THIS ARTICLE


Why do you want to set it up?

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance. It improves and monitors the protection of the domain from fraudulent email by linking to the author's ("From:") domain name, publishing policies for recipient handling of authentication failures, and reporting from receivers to senders. It builds on the widely used SPF and DKIM protocols.


Checking already existing DMARC record

DMARC record must always be added to your domain hosting provider's settings. Check if the domain already has the TXT DNS record set up before you start configuring DMARC on it.

Suppose there is an active DMARC record on your domain. In that case, it’s recommended to check existing reports and ensure that the messages going out of your organization pass the authentication of the receiving servers and are delivered to the recipients.


How do you set up the DMARC record?

Each email provider has its own settings, but all lead to setting DMARC records in the DNS panel.

Before setting the DMARC record, you must consider a few things. Firstly, you should check if the SPF and DKIM records are set up correctly. As DMARC is heavily related to those, it won’t work if the other two are absent in your DNS panel. If you manage more than one domain, you must set up SPF, DKIM, and DMARC separately for each.

After setting up SPF and DKIM, wait about 48 hours to configure the DMARC record.

By default, the frequency of sending DMARC reports is set so that a summary report is sent once a day. Some reports are sent every time an error occurs. The "rua" value indicating this aggregate report must be set, which you can read about below. Regardless of the frequency of reports sent, it is recommended that a separate mailbox be created for receiving them.


To set up a DMARC record, find the interface for adding records in your hosting provider’s DNS panel. There should be an option available to name your record, choose its type, and add value. For DMARC, select the TXT one.

In the name field/Hostname field, enter _dmarc. The subdomain name will be automatically created for this TXT record. An example of such a record is: _dmarc.your-domain.com

Next, add “Value” information. Three tag-value pairs must be added to every DMARC record: “v,” “p,” and “rua.”

  • The only tag-value pair for “v” is v=DMARC1

  • The “p” tag pair can be paired with none, quarantine, or reject; for example, it would look like” p=reject.

  • The “rua” tag is responsible for sending reports.

The recommended policy value for new DMARC records is p=none, as this allows for identifying email delivery problems due to the domain’s SPF or DKIM. Adding the “rua” or “ruf” tag is also recommended to see the resulting reports on your email’s performance. The frequency of reports sending can also be set with Report Interval Tag (ri), but it’s optional.

Example of such value:

v=DMARC1; p=none;
rua=mailto:[email protected]

Once all of those details are added, finish creating the record.

Depending on the hosting provider, the newly created DMARC record may become effective immediately or up to a few hours after saving. You can run a record check to see if everything was set up correctly here.

Did this answer your question?