Skip to content
Related Articles

Related Articles

What is DMARC?

View Discussion
Improve Article
Save Article
  • Last Updated : 28 Jul, 2021

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance” is an email authentication, policy, and reporting protocol that operates alongside Sender Policy Framework(SPF) and DomainKeys identified mail (DKIM) to determine the authenticity of an email message. DMARC protects organizations from Business Email Cyberattacks, it also allows them to receive DMARC reports from mail service providers.

How to Create DMARC Record?

You can use the DMARC Record Generator tool to create a customized DMARC record with a few simple steps:

1. Go to EasyDMARC free DMARC Record Generator tool

DMARC Record Generator Tool

Dmarc Record Generator on EasyDMARC

2. Select the Policy type (choose from “none”, “quarantine”, and “reject”).

Select Policy Type

Common DMARC policies

  • Nothing or None: This means that an email will be treated the same as if DMARC was not set up. A message can still be delivered, placed in the inbox, spam, or discarded. The option usually watches the environment, used in report analyses without affecting delivery methods.
  • Quarantine: The option allows an email but does not make it to the inbox. These messages usually go straight to spam when the DMARC check fails.
  • Reject: Discards any messages that fail the DMARC check immediately.

3. Choose your Aggregate reporting address (for instance mailto:example@easydmarc.com).

Aggregate reporting address

Aggregate reporting address

4. Select a Subdomain policy type (again, choose from “none”, “quarantine”, and “reject”).

Subdomain policy

5. Next, select SPF identifier alignment (can be chosen either “relaxed” or “strict”).

SPF identifier alignment

6. Choose DKIM identifier alignment (can be chosen either “relaxed” or “strict”).

DKIM Identifier alignment

DKIM identifier alignment

7. Write down the Percentage applied for your DMARC policy (the percentage of messages from the domain owner mainstream to which the DMARC policy is applied, the default is 100).

Percentage applied for DMARC Policy

The percentage applied for your DMARC policy

8. Also, choose the Reporting interval (the requested interval in seconds between aggregate reports, the default is 86400).

Reporting Interval

Reporting interval 

9. Choose your Failure reporting address (for instance mailto:example@easydmarc.com).

Failure reporting address

Failure reporting address

10. And lastly, pick out Failure reporting options (controls the type of reports that are sent out).

Failure reporting optioms

Failure reporting options

11. Once the tags are customized, click on the button that says “Generate DMARC Record” on the bottom.

Generate DMARC Record

Generate DMARC Record

12. Your DMARC record is created!

DMARC Record is created

DMARC record created on EasyDMARC

There are different types of DMARC tags and all DMARC tags are divided into optional and required tags.

Tag Name

Purpose

Sample

v Protocol Version v=DMARC1
p Policy for organizational domain p=quarantine
ruf Reporting URI for forensic reports ruf=mailto:authfail@example.com
rua Reporting URI of aggregate reports rua=mailto:aggrep@example.com
pct Percentage of messages subjected to filtering pct=20
sp Policy for subdomains of the OD sp=reject
adkim Alignment mode for DKIM adkim=s
aspf Alignment mode for SPF aspf=r

Required tags

  1. Version (“v”): Must take the value DMARC1 (e.g v=DMARC1). The entry will be ignored otherwise.
  2. Policy (“p”): Policy for receiving messages. Determines the policy for the domain and subdomains.

Optional tags

  1. RUA Report Email Address (rua): Addresses for sending Aggregated reports, separated by commas. It is possible to specify mailto: links for sending reports by mail.
  2. RUF Report Email Address (ruf): Addresses to submit Failure reports, separated by commas. Specifying this tag implies that the owner requires recipient servers to send detailed reports on every message that fails DMARC validation.
  3. Percentage (pct): It specifies the number of emails to be filtered, indicated as a percentage. For example, “pct = 20” will filter 20% of emails.
  4. Subdomain Policy (sp): This tag represents the requested handling policy for subdomains.
  5. ADKIM Tag (adkim): DKIM record authentication check. It can take the value Relaxed “r”, or Strict “s”. The default is “r”

In relaxed mode, if the DKIM record being verified belongs to the domain d=example.com, and the message is sent from email@news.example.com, the verification will pass. In the strict mode, the check will be passed only if the sending comes from an address on the example.com domain. Subdomains will not pass validation.

How to implement DMARC with EasyDMARC

1. Identify your domains

Identify all the domains that you own. This means all the domains from which emails are sent on your company’s behalf including “look-alike” or “cousin” domains and any inactive/parked domains.

2. Add your domain(s)

Register an account at EasyDMARC and add your domain(s) 

Add domain

 The system automatically will forward you to the Add Domain page after the registration.

Add domain page

3. Generate the DMARC record for your domains

As you add your domain, we automatically generate DMARC Record for you.

Generate DMARC record

The same DMARC record applies to all the domains under one account.

4. Publish the generated DMARC Record in your DNS

How to add the DMARC record in DNS?

Here is an example of a published record in the Cloudflare DNS

Cloudflare DNS

published DMARC record in the Cloudflare DNS

Note that the Name section of the TXT record should be _dmarc

Once the TXT record is saved in the DNS, use the DMARC record lookup tool on the EasyDMARC website to ensure the record is set up correctly.

DMARC Status

Ensuring DMARC is setup correctly

When the DMARC status is shown the green color, that indicates the record is set up correctly.


My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!