DMARC stands for Domain Based Message Authentication Reporting and Conformance. Yes that's a mouthful, I know. DMARC makes it easier to stop malicious email practices like email spoofing by alerting senders to emails that were not authenticated using SPF or DKIM.
Why use DMARC?
DMARC compliance ensures that your recipients trust the emails you send to them.
Your reputation as a publisher is important. Sometimes, criminals use familiar brands to send out email blasts with your logo that trick unsuspecting victims into giving up their information. DMARC helps protect your website from being used maliciously.
How do I create a DMARC policy?
Just like we created an SPF and a DKIM earlier in the series, we are going to log into our domain registrar and add a TXT record, but here are few things you need to know first.
There are two required tags that MUST be in every DMARC Record. They are,
- “v” The only tag-value pair for "v" is v=DMARC1
- “p” For the "p" tag pair "p=" can be paired with none, quarantine, or reject. As tag-value pairs they would look like:p=none or p=quarantine or p=reject
*It’s recommended that all new DMARC records use the “p=none” policy to begin with.
DMARC Setup Steps
Step 1
Login to your domain registrar.
Step 2
Depending on your provider you will likely see a drop down list of DNS record types to choose from. You will want to select the "TXT" one.
Step 3
Add your host value. It will most likely be “_DMARC”
Step 4
Now you need to add your TXT value. Here is is an example of my newsletter’s DMARC for The Slice.
Host Record
TXT Value
_DMARC
v=DMARC1; p=none; rua=mailto:dmarc@theslice.co.; sp=none
NB - You will also need to add a “rua” tag that is written like this.
rua=mailto:domain@example.com.
- Each tag in this list should be separated by semicolons
- The "rua" & "ruf" tags support multiple email addresses with each separated by a comma.
- There are several "Advanced Tags" that can be added, but aren't recommended for initial setup.
Step 5
Click save and you should be ready to go! You can then use a DMARC check tool like this one to verify the record you just created has the correct values and syntax.
Congratulations, you’ve just successfully added a DMARC policy to your domain!