DMARC Overview

Learn what DMARC is, why it’s important, and how to implement it

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, is an email validation system designed to protect your organization's email domain from being exploited for phishing scams and other cyber threats.  It provides a mechanism for you to dictate the course of action when emails from your domain fail authentication.

How Does DMARC Work?

DMARC builds on two existing mechanisms, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), which are used to associate a piece of email with a domain.

  • SPF allows senders to define which IP addresses can send mail for a particular domain.
  • DKIM gives an email a digital signature, which is added to the email's header and can be verified by the recipient.

If the SPF or DKIM check passes and the domain in the header from the address aligns with the domain in the SPF or DKIM part of the message, the DMARC check will pass. However, it is essential to note that passing these authentication checks does not guarantee automatic delivery of the email. Other factors, such as recipient preferences, spam filters, and content analysis, may still influence the final delivery decision.

Why is DMARC Important?

DMARC helps protect email senders and recipients from spam, phishing, and spoofing attacks. By implementing DMARC, you can:

  1. Protecting your brand, correctly implemented DMARC policy prevents unauthorized persons or services from sending mail from your domain
  2. Enables reviewing email traffic sent from you and on your behalf from your domain to maintain your reputation
  3. Increases email deliverability: DMARC helps receiving servers determine if a message aligns with what the receiver knows about the sender.

Remember, setting up a DMARC record for your domain is crucial to improving your email security and deliverability. However, it can be complex to configure and utilize to its full potential. If you haven't done so already, we recommend that you prepare for future sending requirements and look into best practices for implementing this increasing standard.

How do I add a DMARC Record?

Note: If your organization has an internal IT department, it is recommended to consult them to ensure the proper configuration of DMARC.


Adding a DMARC record can differ based on your DNS provider. The most basic configuration, which currently meets the basic requirements of Google and Yahoo, involves adding a single TXT record with the following value:

RECORD TYPE     HOSTNAME    VALUE   
TXT   _dmarc    v=DMARC1; p=none; 

 

Some DNS providers require the addition of the domain name into the hostname. Using yourdomain.com as an example domain, the single record to add would be:

RECORD TYPE HOSTNAME     VALUE  
TXT  _dmarc.mydomain.com  v=DMARC1; p=none; 

 

Here is a step-by-step guide on how to add a DMARC record:

  1. Log in to your DNS provider: This could be the company where you registered your domain name or your hosting provider.
  2. Find the DNS management area: This is usually labeled as 'DNS Settings,' 'DNS Management,' 'Advanced Settings,' or something similar.
  3. Create a new record: Look for an option to add a new record. The type of record you want to create is a 'TXT' record.
  4. Enter the Hostname: In the field for the name or host, enter _dmarc. Some DNS providers require adding the domain name, so you may need to enter _dmarc.yourdomain.com (replace 'yourdomain.com' with your actual domain name).
  5. Enter the Value: In the value or content field, enter v=DMARC1; p=none;
  6. Save the record: Once you've entered these details, save the new record.
  7. Wait for the changes to propagate: DNS changes can take up to 72 hours to propagate throughout the internet, although it's often much quicker.
  8. Verify the record: You can use online DMARC record check tools to verify that your DMARC record is published correctly. Please note that this is the basic DMARC functionality to meet Google and Yahoo’s current requirements to continue sending. At this time, additional DMARC configurations are not necessary and would require continued active steps with each send that are beyond most sending requirements.

Additional Resources

For further information on DMARC, you can refer to the following Google resources: