How To Create A DMARC Record:
Step-By-Step Guide

Ensuring the security of email communications is vital in today's digital landscape, and Domain-based Message Authentication, Reporting, and Conformance (DMARC) is essential for combating email spoofing and phishing scams. A DMARC record allows domain owners to dictate the authentication process for their emails and outline the actions to take when messages do not pass these checks. By adopting a DMARC policy, you enhance email security and safeguard both senders and recipients against deceptive practices.

This comprehensive guide will lead you through the steps necessary to create and properly implement a DMARC record, thereby fortifying your domain against email-related risks.


Step 1: Understand DMARC and Its Components


Prior to establishing a DMARC record, it is important to grasp its three key elements:


Policy (p=) 

 Specifies the procedures for email servers regarding messages that do not pass DMARC verification. There are three available policy choices:


  • none: Observes email activity without implementing any measures.

  • quarantine: Directs questionable emails to the spam or junk folder.

  • reject: Prevents delivery of emails that do not meet authentication standards.


Alignment Mode

Verifies that the domain specified in the "From" header of the email aligns with the authenticated domains listed in both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).


Reporting

Indicates the email addresses designated to receive DMARC aggregate (rua) and forensic (ruf) reports, which are used for overseeing email traffic and detecting authentication issues.


Step 2: Set Up SPF and DKIM


DMARC utilizes SPF and DKIM for email authentication. To ensure proper functionality, follow these steps:


  •  Set up SPF (Sender Policy Framework): This protocol confirms that emails sent from your domain are dispatched by approved mail servers. You need to include an SPF TXT record in your domain’s DNS configuration.

  • Activate DKIM (DomainKeys Identified Mail): DKIM adds a cryptographic signature to your outgoing emails, allowing recipient mail servers to validate their authenticity.

Make sure both SPF and DKIM are properly configured before moving forward with DMARC implementation.


Step 3: Generate a DMARC Record


A DMARC record is a type of TEXT entry that you include in your domain's DNS configuration. To set up your DMARC record, use the following format:

_dmarc.yourdomain.com TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-alerts@yourdomain.com; sp=none; adkim=r; aspf=r; pct=100"

Here's a breakdown of the parameters:


  •  v=DMARC1: Indicates the version of DMARC being used.

  •  p=none: Establishes the policy, which can be none, quarantine, or reject.

  •  rua=mailto:dmarc-reports@yourdomain.com: Designates the address for receiving aggregate reports.

  •  ruf=mailto:dmarc-alerts@yourdomain.com: Designates the address for receiving forensic reports.

  •  sp=none: Sets a policy for any subdomains (this is optional).

  •  adkim=r and aspf=r: Specify the alignment modes for DKIM and SPF, which can be relaxed (r) or strict (s).

  •  pct=100: Indicates the percentage of emails that will be affected by the DMARC policy.
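
A lint check for the record before it is published, covering the tags listed above. This is an added example, not part of the original guide; the function names, the strict lowercase rule, the mailto-only check and the sample records are assumptions made for illustration.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
KNOWN = {"v", "p", "sp", "rua", "ruf", "adkim", "aspf", "pct", "fo", "rf", "ri"}

def parse_dmarc(value):
    """Split a DMARC TXT value into ordered (tag, value) pairs."""
    parts = [p.partition("=") for p in value.split(";") if p.strip()]
    return [(tag.strip(), val.strip()) for tag, _, val in parts]

def lint_dmarc(host, value):
    """Return a list of problems; an empty list means the record passed."""
    problems = []
    if not host.lower().startswith("_dmarc."):
        problems.append("host must start with _dmarc.")
    pairs = parse_dmarc(value)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 must be the first tag")
    tags = {}
    for tag, val in pairs:
        key = tag.lower()
        if tag != key:
            problems.append(f"tag '{tag}' should be written in lowercase")
        if key not in KNOWN:
            problems.append(f"unknown tag '{tag}'")
        if key in tags:
            problems.append(f"duplicate tag '{key}'")
        tags[key] = val
    if tags.get("p") not in POLICIES:
        problems.append("p is required: none, quarantine or reject")
    if "sp" in tags and tags["sp"] not in POLICIES:
        problems.append("sp must be none, quarantine or reject")
    for mode in ("adkim", "aspf"):
        if mode in tags and tags[mode] not in ("r", "s"):
            problems.append(f"{mode} must be r or s")
    pct = tags.get("pct", "100")
    if not (re.fullmatch(r"[0-9]{1,3}", pct) and int(pct) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    for rpt in ("rua", "ruf"):  # assumption: reports go to mailto: addresses, as in this guide
        for uri in filter(None, (u.strip() for u in tags.get(rpt, "").split(","))):
            if not re.fullmatch(r"mailto:[^@\s]+@[^@\s]+", uri):
                problems.append(f"{rpt} entry '{uri}' is not a mailto: address")
    return problems

# Constructed sample inputs (not real DNS data).
GOOD = ("_dmarc.yourdomain.com", "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; adkim=r; aspf=r; pct=100")
BAD = ("dmarc.yourdomain.com", "p=reject; v=DMARC1; Adkim=x; pct=150; rua=dmarc@yourdomain.com")

if __name__ == "__main__":
    for host, value in (GOOD, BAD):
        print(host, lint_dmarc(host, value) or "OK")
```
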

Step 4: Publish the DMARC Record in DNS


After creating your DMARC record, proceed with these instructions to make it live:


  1. Access the control panel of your domain hosting provider.

  2. Locate the DNS settings or the DNS zone editor section.

  3. Create a new TXT record using these specifications:

  • Host/Name: _dmarc.yourdomain.com

  • Type: TXT

  • Value: Insert the DMARC record you generated earlier.

  4. Save your modifications and wait 24 to 48 hours for the changes to take effect.


Step 5: Monitor DMARC Reports


Once DMARC is set up, it’s important to periodically review the reports to assess the effectiveness of your email authentication. These reports help identify unauthorized senders using your domain, detect errors in SPF or DKIM configurations, and evaluate the success of your DMARC policy. By utilizing DMARC analysis tools, you can interpret these reports and make necessary adjustments to your email authentication settings for improved security.


Step 6: Adjust the DMARC Policy as Needed


After reviewing DMARC reports and ensuring that valid emails successfully authenticate, you can enhance your DMARC policy:

  • Begin by changing the setting from p=none to p=quarantine, which will direct potentially harmful emails to the spam folder.

  • Later, consider updating it to p=reject to provide complete protection against email spoofing for your domain.

  • If needed, modify the alignment modes (adkim and aspf) to strict.

  • Gradually raise the enforcement level by modifying the pct value.