Ecomail, as a bulk mailing provider, aims to ensure the most reliable delivery of emails to its clients. One of the key elements to sending bulk emails correctly is using an authenticated sending domain.
Due to updates in mail delivery rules for some large email clients, setting up a DMARC record is needed, in addition to the standard domain verification process.
Ecomail will provide a simple tool for processing and visualizing reports for those who wish to process receiving server reports (based on DMARC record processing).
In this article, you will find:
What is a DMARC record?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a security protocol (method) designed to protect email communications against phishing, identity spoofing, and other types of email fraud. This protocol specifies how emails should be authenticated (via DKIM and SPF) by the email recipient. It can also be used to monitor and improve the authentication process of emails sent out by the receiving messenger servers.
DMARC record aims to reduce the risk of phishing and fraudulent emails by providing more configuration options for the authentication of email communication coming under a specific domain (@domain.com) and to allow the monitoring of this authentication process by the owner of a specific domain.
The DMARC record, which is part of your domain's DNS records, provides instructions/rules for the email servers that are receiving the emails. It defines how these servers should handle emails that are currently being sent on behalf of your domain. Alternatively, in what form and where to send reports on the processing of emails received under your domain.
Why use a DMARC record?
With the increasing amount and wide variety of fraudulent emails, some mail clients (especially Gmail.com and Yahoo.com) have decided to update their security measures for receiving mail by requiring a DMARC record, with the intent to verify the sender of email messages completely.
In the past, it has been difficult for these large companies to decide which e-mail to deliver to the client's mailbox. Each email provider has a different security algorithm, which is not publicly known - this can lead to situations where even a harmless newsletter is placed in the spam folder.
For these reasons, DMARC is becoming the standard for safe and high deliverability, helping email recipients verify that it is not a dangerous (fraudulent) distribution. In addition, DMARC methods can prevent misuse of email addresses and abuse of your domain.
Verify the DMARC record by February 2024.
How do I set up a DMARC record?
To fully authenticate a domain, you must also authenticate the sending domain using DNS records such as DKIM and CNAME. Please take a look at this article.
You set up the DMARC record in your hosting where the domain has name servers (called DNS). For more information, contact your IT specialist or contact your hosting support.
DMARC record:
Type | TXT |
Name | (Hostname) | _dmarc (if you are using a subdomain, the name will be _dmarc.subdomain) |
TTL | 1800 |
Value* | v=DMARC1; p=none; sp=none; adkim=r; aspf=r; fo=1; rua=mailto:your@email.com; ruf=mailto:your@email.com; rf=afrf; pct=100; ri=86400 |
*as "mailto", choose an email address where you wish to receive reports on the processing of your emails
Explanation of the different parameters that can be worked with in DMARC:
v - protocol version (now only DMARC1)
pct - specifies the percentage of messages that will be checked (100 is for 100%, i.e. all messages are checked)
ruf - your email address where forensic reports will be sent
rua - your email address where aggregated reports will be sent
p - the DMARC policy selected (determines how the recipient will handle messages that do not pass the check)
none - no policy, DMARC works only for reporting/testing purposes and will deliver the mail as usual
quarantine - the recipient takes the result of the check into account, usually a message that fails the check can be marked as spam
reject - the recipient rejects and does not deliver the message that failed the check (bounces)
sp - determine whether the policy should also apply to subdomains of your domain (e.g. news.domain.com), the values are the same as p
adkim - check mode for DKIM alignment
r (relaxed) - less restrictive; a match occurs if the parent domain matches (e.g. news.ecomail.com = ecomail.com)
s (strict) - strict; a match occurs only if the domain is the same
aspf - check mode for SPF alignment
r (relaxed) - less restrictive; a match occurs if the parent domain matches (e.g. news.ecomail.cz = ecomail.cz)
s (strict) - strict; a match occurs only if the domain is identical
rf - format for news reports, at this time, it can only have afrf values
ri - interval for sending aggregate reports on messages that have not passed DMARC check, in seconds
fo - mode of sending forensic reports (= reports for each message separately)
0 - the recipient sends the report if the message fails DMARC check completely (i.e. both DKIM alignment and SPF alignment fail); default value
1 - the recipient sends the report if the message fails the SPF alignment or DKIM alignment check (i.e. the message could still pass the DMARC check overall)
d - the recipient sends a report for each message that fails the DKIM alignment
s - the recipient sends a report for each message that does not pass SPF alignment
Currently, the parameters v, p, sp, adkim, aspf, fo, rua, ruf, rf, pct, and ri are important for sending your emails.
For Gmail, p set to none is sufficient at this time.
Of course, you can adjust each parameter according to your monitoring needs - if you are unclear, please get in touch with your technicians or IT administrator.
How do I know if DMARC is set up correctly?
Once you have verified the DMARC record in your domain hosting, you do not need to make any further settings in Ecomail. You can verify the correctness of the DMARC record settings on the web, within tools like MxToolBox, Dmarcian.
Didn't find the answer? Send us a message at email support@ecomail.app. 😊