DMARC record: How to create one

Creating a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record is essential for enhancing your domain’s email security. It helps prevent email spoofing and phishing by instructing receiving mail servers on how to handle messages that fail authentication checks. Here’s a step-by-step guide to creating and adding a DMARC record to your domain’s DNS settings:
Step 1: Understand the Components of a DMARC Record
A DMARC record is a TXT record in your DNS that includes specific tags:
- v=DMARC1: Specifies the DMARC protocol version.
- p=none/quarantine/reject: Defines the policy for handling emails that fail authentication.
- none: No action is taken; reports are sent.
- quarantine: Emails are treated as suspicious and may be sent to spam/junk folders.
- reject: Emails failing authentication are rejected outright.
- rua=mailto:your-email@example.com: Specifies the email address to receive aggregate reports.
An example DMARC record:
v=DMARC1; p=none; rua=mailto:your-email@example.com
Step 2: Access Your Domain’s DNS Settings
To add a DMARC record, you’ll need to access your domain’s DNS management interface. This is typically provided by your domain registrar or hosting provider.
- Log in to your domain registrar or hosting account.
- Navigate to the DNS management or DNS settings section.
- Locate the option to add a new DNS record.
Step 3: Create the DMARC TXT Record
When adding the DMARC record:
- Type: Select TXT as the record type.
- Name/Host: Enter
_dmarc
(some systems may require_dmarc.yourdomain.com
). - Value: Paste your DMARC policy, for example:(easywpsmtp.com, WP Mail SMTP, Wikipedia)
v=DMARC1; p=none; rua=mailto:your-email@example.com
- TTL (Time to Live): Set to the default value or as recommended by your provider.
Save the record to apply the changes.
Step 4: Verify the DMARC Record
After adding the DMARC record, it’s important to verify that it’s correctly configured:
- Use online tools like MXToolbox DMARC Lookup to check your domain’s DMARC record.
- Enter your domain name and initiate the lookup.
- Review the results to ensure the DMARC record is present and correctly formatted.
Step 5: Monitor DMARC Reports
With the rua
tag specified, you’ll start receiving aggregate reports about email messages sent from your domain:
- These reports provide insights into authentication results and potential misuse.
- Regularly review these reports to identify and address any issues.
Additional Tips
- Start with a “none” policy: This allows you to monitor email traffic without impacting delivery. Once confident, you can move to stricter policies like “quarantine” or “reject”.
- Ensure SPF and DKIM are configured: DMARC relies on these authentication methods. Make sure they’re properly set up for your domain.
- Use consistent reporting addresses: Ensure the email addresses specified in
rua
are monitored and capable of handling the volume of reports.
By following these steps, you can effectively implement a DMARC record, enhancing your domain’s email security and protecting against unauthorized use.