How to setup DMARC authentication

DMARC authentication is a protection mechanism that enhances security, protects against fraud and phishing attempts, and guarantees the legitimacy of email messages. DMARC policy complements SPF and DKIM by providing an authentication policy for the domain. It helps define actions to be taken for emails that fail SPF and/or DKIM checks, such as quarantining or rejecting them. What's more, DMARC gives you detailed reports so you can detect if there have been any attempts to impersonate your domain. Learn more about email authentication >

How to create a DMARC record

Before you start

Important: there are several possible options and variations for creating a DMARC record, depending on the degree of control you wish to have over messages that fail DMARC validation, the actions you wish others to take if this is the case, and whether or not you wish to receive DMARC reports. Consult an expert or your hosting provider to make the right decisions for your organization and your email usage.

How to do it

To create a DMARC record, you need to add a TXT (text) format record in your DNS. Here's an example: 

Type: TXT
Host/Name: _dmarc.yourwebsite.com
Value: v=DMARC1; p=none; rua=mailto:dmarcreport@yourwebsite.com;

Meaning of the tags

• v=: It’s the DMARC version. The value must be DMARC1. This tag is mandatory.
• p=: Indicates what action to take when the message received fails the DMARC check. There are 3 possible values: none (don’t take action even if DMARC fails), quarantine (mark as spam and put in junk mail) or reject (block/delete message). Learn more in this Gmail article >
• rua=: Email address for receiving reports on DMARC activity in your domain. Although not mandatory, these reports let you know which messages sent from your domain pass or fail SPF, DKIM and DMARC validation. Be aware that you may receive a large number of emails at the address indicated in the "rua=" tag. The reports received are in XML format. This type of file is unfortunately difficult and unpleasant to read, but there are online services to which you can send your reports and which will analyze them for you.

Good to know

There are various tools on the web to guide you through generating your DMARC record, as well as helping you interpret DMARC reports, such as  EasyDMARC and Dmarcian. Gmail also offers a tutorial and several informative, easy-to-read help articles on DMARC implementation.

Verify your DMARC record

Once your DMARC record is in place (please note it may take some time before the record is visible and available everywhere), you can validate if the format is correct by using an online tool.

Here are a few examples: 

• https://dmarcian.com/dmarc-inspector/
• https://mxtoolbox.com/dmarc.aspx
• https://easydmarc.com/tools/dmarc-lookup