What is DMARC? Why implement it? And how to set up DMARC for your business? You’ll get to know the answers to these questions and many more. As a business owner, you want to ensure that no spammer uses your domain to send any email without your permission.
That’s why I have created the DMARC guide to help you feel safe and secure. Google also encourages us to help it prevent spoofing and spam with DMARC.
DMARC determines if you use the best email marketing practices and everything is in order. At Embounce, email validation and authentication are significant parts of our mission that start with DMARC, of course.
In this post, you’ll find everything you need to know about DMARC. Sounds great? Let’s get started right away.
Ultimate Guide to DMARC: What, Why, And How!
In this section, you’ll learn what DMARC stands for, what it is, and why you must implement it. We’ll then move on to setting it up for your business.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s a standard or policy that helps you protect your domain from any unauthorized use. After setting it up, you don’t need to worry about phishing attacks, impersonation, spamming, and more.
DMARC is a way to secure your domain and save it from internet attackers. It’s a TXT record stored in DNS that helps the email recipients check the email’s authenticity. So, it’s your company’s inbound authentication system.
There are three possible actions that you can choose from:
- Quarantine – Email is placed in a particular folder (spam).
- Reject – email is not delivered, and the user is notified that it’s not from you.
- Ignore – Email is provided as usual. But no action is taken.
You can also choose to do nothing, but that’s not recommended. For your email to reach inboxes, you need to deploy DKIM and SPF, deploy DMARC policy with the above actions.
For setting up these records, you must have access to your domain’s zone files. You can use the DNS manager in your hosting company for this purpose.
Why DMARC: What Are the Benefits?
And that’s quite alarming! 42% of customers are less likely to do the business after getting phished or spammed by an attacker. You must set up DMARC to avoid any loss.
You enjoy tons of benefits after you have implemented DMARC for your company. With spam traps, spammers find it challenging to spoof your domain.
They get blacklisted by ISPs for spamming. This way, they can no longer send messages to your customers or subscribers. Here’s DMARC organization shares the importance of DMARC:
DMARC also helps ISPs to identify the good senders from the bad ones. The good senders are then rewarded with better email deliverability.
- High security
- Improved visibility
- Boosted deliverability
- Protected brand image
Let’s dive a little deeper now.
High Security
With DMARC in action, you can protect your customers and potential leads from spamming and phishing scams.
Improved Visibility
It’s your business, and you must know all the emails using your domain are authenticated with SPF and DKIM.
Boosted Deliverability
With DMARC, you can get reports about the email senders using your domain.
Protected Brand Image
DMARC is an excellent way to defend your brand against any internet attack. It saves your brand image, and you can earn a long-term relationship with your customers and clients.
How DMARC Works:
DMARC helps you see all the emails sent using your domain, and they’re authenticated using standards called DKIM and SPF. It enables you to identify any problem that comes along the way. And then you can resolve them at the earliest.
This way, you improve your domain’s reputation with ISPs. And it helps you with improved email deliverability, thus increasing your revenue.
Before you jump on implementing DMARC, you must set up DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). You can, of course, check the DMARC’s records using online tools like valimail.com.
DomainKeys Identified Mail (DKIM)
DKIM is a way to authenticate all email messages. DKIM signs a private key and validates it with a public key on the ISP when you send an email. It confirms that the email is not altered in any way. Watch this video if you want to get into the detail of what DKIM is and why you should care for this:
DKIM is a way to sign your email with a private key. The recipient will then use the public key to verify that the email is authentic. Here’s what the public key looks like:
<!-- wp:paragraph -->
<p>pm._domainkey.domain.com IN TXT</p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p>k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOCTHqIIQhGNISLchxDvv2X8NfkW7MEHGmtawoUgVUb8V1vXhGikCwYNqFR5swP6UCxCutX81B3+5SCDJ3rMYcu3tC/E9hd1phV+cjftSFLeJ+xe+3xwK+V18kM46kBPYvcZ/38USzMBa0XqDYw7LuMGmYf3gA/yJhaexYXa/PYwIDAQAB</p>
<!-- /wp:paragraph -->It prevents spammers and attackers from changing your email. ISPs use this information to build their reputation in return. And if you are following the best email marketing practices, you’ll improve your trust and reputation as well.
Sender Policy Framework (SPF)
SPF is a way for email service providers like Gmail and Yahoo to verify that a mail server can send an email for your domain. It’s a list of the services that may send an email on your behalf. Watch this video if you want to get into the detail of what SPF is and why you should care for this:
Like DKIM, SPF also uses the TXT record in your DNS zone file. It’s a good way to specify which servers can send messages for your domain. Here’s what it looks like:
v=spf1 a MX include:spf.mtasv.net include:_spf.google.com include:cmail1.com ~allKeep in mind that one domain has only one SPF record. You cannot specify the servers allowed to send messages for a subdomain.
How to Read DMARC Reports
DMARC reports provide essential details about all your emails sent using your domain. The information is necessary for saving your company from spam, phishing attacks, and more. There are two types of DMARC reports:
- DMARC Aggregate Report (RUA)
- DMARC Forensic Report (RUF)
And reading these reports can be challenging, especially for a non-technical person. The best way to read DMARC reports is to break them down into understandable pieces.
Here’s what the first section of DMAR raw reports looks like.
<!-- wp:paragraph -->
<p><?xml version=”1.0″ encoding=”UTF-8″ ?></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p><feedback></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <report_metadata></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <org_name>google.com</org_name></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <email>noreply-dmarc-support@google.com</email></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <extra_contact_info><a href="http://google.com/dmarc/support">http://google.com/dmarc/support</a></extra_contact_info></p>
<!-- /wp:paragraph -->It showcases your ISP or the name of your email service provider along with contact details. It can be Convertkit, Mailchimp, or any other email marketing service.
<report_id>8293631894893125362</report_id>As shown it’s a line of code that shows the report ID number.
<!-- wp:paragraph -->
<p><date_range></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <begin>1234573120</begin></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <end>1234453590</end></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> </date_range></p>
<!-- /wp:paragraph -->This long number is actually the time of the beginning and ending date range in seconds. So don’t worry and divide it by 60 to get the minutes.
<!-- wp:paragraph -->
<p><policy_published></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <domain>yourdomain.com</domain></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <adkim>r</adkim></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <aspf>r</aspf></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <p>none</p></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <sp>none</sp></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <pct>100</pct></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> </policy_published></p>
<!-- /wp:paragraph -->It’s the DMARC record specifications as published in your domain’s DNS.
<source_ip>302.0.214.308</source_ip>It’s the IP address of the sender.
And that’s the overview of your authentication results.
<!-- wp:paragraph -->
<p> <policy_evaluated></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <disposition>none</disposition></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <dkim>fail</dkim></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <spf>pass</spf></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> </policy_evaluated></p>
<!-- /wp:paragraph -->From: domain
<header_from>yourdomain.com</header_from>DKIM authentication results
<!-- wp:paragraph -->
<p><dkim></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <domain>yourdomain.com</domain></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <result>fail</result></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <human_result></human_result></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> </dkim></p>
<!-- /wp:paragraph -->SPF authentication results
<!-- wp:paragraph -->
<p><spf></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <domain>yourdomain.com</domain></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> <result>pass</result></p>
<!-- /wp:paragraph -->
<!-- wp:paragraph -->
<p> </spf></p>
<!-- /wp:paragraph -->Doesn’t that make sense? But if you are still overwhelmed, why not use services like PowerDMARC and more to read these reports. You’ll enjoy multiple viewing formats with ease. Let’s know a bit about DMARC’s policy and alignment now.
DMARC Alignment
If you want to get the most out of DMARC, both DKIM and SPF must be aligned. This way, email receivers can trust the authentication results. If there’s a discrepancy, it could mean that your email was spoofed.
DMARC Policy
DMARC policy tells email receivers what to do if they can’t verify the authentication results. It’s a way to tell email providers what you want them to do with emails that fail the authentication check.
DMARC Guide: How to Set up DMARC in 2022
In this last section, you’ll learn how to set up DMARC for your organization in 2022. The DMARC DNS Setup will help you add DMARC to your DNS provider.
1. Create a domain record by going to DNS Hosting Provider
Decide on your record and add it to your DNS hosting service. You’ll, of course, need to log into your account. Find the prompt to create a new record or find the TXT section to edit. Interfaces may vary depending on your hosting provider.
You’ll view these fields once you have loaded the new record:
- Host/Name:
- Record Type:
- Value:
2. Hover over to ‘DNS Record Type’ and choose TXT, of course.
3. Add Host Value
It’s up to you or your hosting service but will add the value _DMARC into the records. And the hosting company will do the magic.
4. Add “Value” information.
There are two pairs in every DMARC record; v and p. The value pair for “v” is v=DMARC1. And you can leave the “p” tag pair as none, quarantine, or reject it. Don’t just leave them empty.
I recommend you to start your DMARC records with p=none because it allows you to identify email delivery problems. This way, email isn’t accidentally quarantined or rejected. Also, add the “rua” tag so that you see the reports on your email’s performance.
5. Click on the ‘Create/Save’ Button
Double-check all the records and click on the ‘Save’ or ‘Create’ button.
Run a DMARC record check to validate the setup. You’ll know if everything went smoothly. This is how to set up DMARC policy and implement it.
How to Set Up DMARC Quickly With EasyDMARC
Do you want to test your email security and spam filtering? Or do you want to stop hackers from sending emails from your domain?
EasyDMARC is a free and easy-to-use DMARC generator that allows you to create a DMARC record in minutes. It’s important to note a free plan for up to 10,000 emails per month via one domain.
Have a look at the EasyDMARC pricing plans if you want to upgrade.
Setting up DMARC is straightforward with EasyDMARC! Simply enter your email address and domain, and EasyDMARC will generate a DMARC record for you.
This is how to set up DMARC if you are a beginner:
#1 Go to EasyDMARC.
#2 Sign up for free.
#3 Or hover over to the ‘Tools’ section.
#4 Select DMARC Record Generator
#5 Enter your domain
#6 Add other information like policy type, email for reports, reporting interval, and applied percentage.
#7 Set your subdomain policy, SPF identifier alignment, DKIM identifier alignment, and failure reporting options.
#8 Copy the records and paste them into your DNS records.
#9 Save the records
And your domain is protected under DMARC now.
EasyDMARC is also an excellent resource for learning more about DMARC and how to use it effectively. The website includes a wealth of information on DMARC, including tutorials, best practices, and case studies.
If you’re looking for a quick and easy way to generate a DMARC record, then EasyDMARC is the tool for you. And if you have already done it, you can also do the DMARC lookup. Just go to DMARC Record Checker and enter your domain to confirm it.
Guide Conclusion: How to Set Up DMARC and Read
Setting up DMARC is essential for email security and spam filtering. It helps protect your email from being spoofed and protects your brand image. And it also shows customers that you take email security seriously.
You must set up and implement DMARC on your domain to prevent phishing attacks and keep your email server safe. I’ve shown you how to set up DMARC for your domain using these two methods. One is by creating DMARC and setting it up manually. The second method uses EasyDMARC, which has an easy-to-use DMARC generator.
So that’s all for now. And if you have any questions or suggestions, don’t hesitate to leave a comment below.