How to configure DMARC

How to configure DMARC

(Domain-based Message Authentication, Reporting & Conformance)

What is DMARC?

DMARC instructs mail servers how to handle emails that fail SPF and DKIM authentication checks.

Why should I have DMARC configured?

By having DMARC in place you will be able to detect and prevent fraudulent emails from being sent through your domain. A domain protected by DMARC will reduce the risk of spoofing and phishing attacks on your behalf.

STEP 1: Create your DMARC record

Start with the DMARC version by adding the tag “v=DMARC1”.

Choose what you want to do with emails that do not pass SPF authentication:

• None: This is the recommended option when first implementing SPF, as it allows you to monitor all email and receive reports, so you can, for example, determine if your domain is being abused by phishers.
• Quarantine: quarantine messages that fail DMARC (move to spam folder or add a specific label to the message before delivery)
• Reject: rejects messages that fail DMARC (not delivering mail)

Add the address where you want to receive the reports with the tag "rua".

Your DMARC record should look something like this:

v=DMARC1; p=none; rua=mailto:postmaster@yourcomp.com

STEP 2: Publish your DMARC in the DNS

In general, the steps to follow will be:

1. Go to your domain hosting provider
2. Navigate to DNS settings
3. Create a new TXT record
4. Set the Host field to your domain name
5. The TXT value will be your DMARC record
6. Set the TTL (Time to Live) to Auto
7. Click on "Save" or "Add record"

You can choose from the list that appears below your hosting provider and see more instructions on how to publish your DMARC record.

• Cloudflare - https://support.cloudflare.com/hc/en-us/articles/360019093151
• 123.reg - https://www.123-reg.co.uk/support/domains/how-do-i-set-up-a-txt-record-on-my-domain-name/
• GoDaddy - https://www.dmarcanalyzer.com/dmarc/dmarc-record-setup-guides/dmarc-setup-guide-godaddy/
• BlueHost - https://www.dmarcanalyzer.com/dmarc/dmarc-record-setup-guides/bluehost-dmarc-setup-guide/

STEP 3: Test and verify

The update of this record can take up to 1 day to propagate.

Go to our SPF and DMARC verification tool and run the scan to verify that the record has been updated.

Thanks for reading this tutorial.

If you have any questions or comments about this tutorial, please contact us through our instant chat or send us an email at contact@cyberguardian.tech