Park City, Utah 84098
435-565-1399

DMARC record: How to create one

DMARC record: How to create one

dmarc record email security

Creating a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record is essential for enhancing your domain’s email security. It helps prevent email spoofing and phishing by instructing receiving mail servers on how to handle messages that fail authentication checks. Here’s a step-by-step guide to creating and adding a DMARC record to your domain’s DNS settings:


Step 1: Understand the Components of a DMARC Record

A DMARC record is a TXT record in your DNS that includes specific tags:

  • v=DMARC1: Specifies the DMARC protocol version.
  • p=none/quarantine/reject: Defines the policy for handling emails that fail authentication.
    • none: No action is taken; reports are sent.
    • quarantine: Emails are treated as suspicious and may be sent to spam/junk folders.
    • reject: Emails failing authentication are rejected outright.
  • rua=mailto:your-email@example.com: Specifies the email address to receive aggregate reports.

An example DMARC record:


v=DMARC1; p=none; rua=mailto:your-email@example.com

Step 2: Access Your Domain’s DNS Settings

To add a DMARC record, you’ll need to access your domain’s DNS management interface. This is typically provided by your domain registrar or hosting provider.

  1. Log in to your domain registrar or hosting account.
  2. Navigate to the DNS management or DNS settings section.
  3. Locate the option to add a new DNS record.

Step 3: Create the DMARC TXT Record

When adding the DMARC record:

  • Type: Select TXT as the record type.
  • Name/Host: Enter _dmarc (some systems may require _dmarc.yourdomain.com).
  • Value: Paste your DMARC policy, for example:(easywpsmtp.com, WP Mail SMTP, Wikipedia)

v=DMARC1; p=none; rua=mailto:your-email@example.com
  • TTL (Time to Live): Set to the default value or as recommended by your provider.

Save the record to apply the changes.


Step 4: Verify the DMARC Record

After adding the DMARC record, it’s important to verify that it’s correctly configured:

  1. Use online tools like MXToolbox DMARC Lookup to check your domain’s DMARC record.
  2. Enter your domain name and initiate the lookup.
  3. Review the results to ensure the DMARC record is present and correctly formatted.

Step 5: Monitor DMARC Reports

With the rua tag specified, you’ll start receiving aggregate reports about email messages sent from your domain:

  • These reports provide insights into authentication results and potential misuse.
  • Regularly review these reports to identify and address any issues.

Additional Tips

  • Start with a “none” policy: This allows you to monitor email traffic without impacting delivery. Once confident, you can move to stricter policies like “quarantine” or “reject”.
  • Ensure SPF and DKIM are configured: DMARC relies on these authentication methods. Make sure they’re properly set up for your domain.
  • Use consistent reporting addresses: Ensure the email addresses specified in rua are monitored and capable of handling the volume of reports.

By following these steps, you can effectively implement a DMARC record, enhancing your domain’s email security and protecting against unauthorized use.

Leave a Reply

Your email address will not be published. Required fields are marked *