Skip to main content
DMARC record

What is DMARC record for, and how to set it up for your domain

Kateřina Irová avatar
Written by Kateřina Irová
Updated over 11 months ago

Ecomail, as a bulk mailing provider, aims to ensure the most reliable delivery of emails to its clients. One of the key elements to sending bulk emails correctly is using an authenticated sending domain.

Due to updates in mail delivery rules for some large email clients, setting up a DMARC record is needed, in addition to the standard domain verification process.

Ecomail will provide a simple tool for processing and visualizing reports for those who wish to process receiving server reports (based on DMARC record processing).

In this article, you will find:


What is a DMARC record?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a security protocol (method) designed to protect email communications against phishing, identity spoofing, and other types of email fraud. This protocol specifies how emails should be authenticated (via DKIM and SPF) by the email recipient. It can also be used to monitor and improve the authentication process of emails sent out by the receiving messenger servers.

DMARC record aims to reduce the risk of phishing and fraudulent emails by providing more configuration options for the authentication of email communication coming under a specific domain (@domain.com) and to allow the monitoring of this authentication process by the owner of a specific domain.

The DMARC record, which is part of your domain's DNS records, provides instructions/rules for the email servers that are receiving the emails. It defines how these servers should handle emails that are currently being sent on behalf of your domain. Alternatively, in what form and where to send reports on the processing of emails received under your domain.


Why use a DMARC record?

With the increasing amount and wide variety of fraudulent emails, some mail clients (especially Gmail.com and Yahoo.com) have decided to update their security measures for receiving mail by requiring a DMARC record, with the intent to verify the sender of email messages completely.

In the past, it has been difficult for these large companies to decide which e-mail to deliver to the client's mailbox. Each email provider has a different security algorithm, which is not publicly known - this can lead to situations where even a harmless newsletter is placed in the spam folder.

For these reasons, DMARC is becoming the standard for safe and high deliverability, helping email recipients verify that it is not a dangerous (fraudulent) distribution. In addition, DMARC methods can prevent misuse of email addresses and abuse of your domain.

Verify the DMARC record by February 2024.


How do I set up a DMARC record?

To fully authenticate a domain, you must also authenticate the sending domain using DNS records such as DKIM and CNAME. Please take a look at this article.

You set up the DMARC record in your hosting where the domain has name servers (called DNS). For more information, contact your IT specialist or contact your hosting support.

DMARC record:

Type

TXT

Name | (Hostname)

_dmarc (if you are using a subdomain, the name will be _dmarc.subdomain)

TTL

1800

Value*

v=DMARC1; p=none; sp=none; adkim=r; aspf=r; fo=1; rua=mailto:your@email.com; ruf=mailto:your@email.com; rf=afrf; pct=100; ri=86400

*as "mailto", choose an email address where you wish to receive reports on the processing of your emails

Explanation of the different parameters that can be worked with in DMARC:

  • v - protocol version (now only DMARC1)

  • pct - specifies the percentage of messages that will be checked (100 is for 100%, i.e. all messages are checked)

  • ruf - your email address where forensic reports will be sent

  • rua - your email address where aggregated reports will be sent

  • p - the DMARC policy selected (determines how the recipient will handle messages that do not pass the check)

    • none - no policy, DMARC works only for reporting/testing purposes and will deliver the mail as usual

    • quarantine - the recipient takes the result of the check into account, usually a message that fails the check can be marked as spam

    • reject - the recipient rejects and does not deliver the message that failed the check (bounces)

  • sp - determine whether the policy should also apply to subdomains of your domain (e.g. news.domain.com), the values are the same as p

  • adkim - check mode for DKIM alignment

    • r (relaxed) - less restrictive; a match occurs if the parent domain matches (e.g. news.ecomail.com = ecomail.com)

    • s (strict) - strict; a match occurs only if the domain is the same

  • aspf - check mode for SPF alignment

    • r (relaxed) - less restrictive; a match occurs if the parent domain matches (e.g. news.ecomail.cz = ecomail.cz)

    • s (strict) - strict; a match occurs only if the domain is identical

  • rf - format for news reports, at this time, it can only have afrf values

  • ri - interval for sending aggregate reports on messages that have not passed DMARC check, in seconds

  • fo - mode of sending forensic reports (= reports for each message separately)

    • 0 - the recipient sends the report if the message fails DMARC check completely (i.e. both DKIM alignment and SPF alignment fail); default value

    • 1 - the recipient sends the report if the message fails the SPF alignment or DKIM alignment check (i.e. the message could still pass the DMARC check overall)

    • d - the recipient sends a report for each message that fails the DKIM alignment

    • s - the recipient sends a report for each message that does not pass SPF alignment

Currently, the parameters v, p, sp, adkim, aspf, fo, rua, ruf, rf, pct, and ri are important for sending your emails.


For Gmail, p set to none is sufficient at this time.

Of course, you can adjust each parameter according to your monitoring needs - if you are unclear, please get in touch with your technicians or IT administrator.



How do I know if DMARC is set up correctly?


Once you have verified the DMARC record in your domain hosting, you do not need to make any further settings in Ecomail. You can verify the correctness of the DMARC record settings on the web, within tools like MxToolBox, Dmarcian.



Didn't find the answer? Send us a message at email support@ecomail.app. 😊

Did this answer your question?