DMARC (Domain-based Message Authentication, Reporting & Conformance) is a policy that specifies how the recipient’s mail server should handle incoming emails that fail SPF or DKIM authentication.
This helps to protect your domain from spoofing – it being used by someone to send emails without your permission.
Preventing spoofed emails from reaching users can lower spam complaints and improve your domain‘s reputation with ESPs.
Prior to enabling DMARC, ensure that SPF and DKIM are set up. Set up DMARC 48 hours after setting up SPF and DKIM.
How does DMARC work
Without a DMARC, your email service provider will decide what to do with emails that failed DMARC check.
DMARC policy aligns with SPF and DKIM records and lets you decide what to do with such emails.
Basically, a DMARC policy tells the receiving server how to handle an email message if it doesn’t pass authentication. There are 3 options:
- “none”: the receiving server doesn’t take any action. This option is only suitable for monitoring and doesn’t protect your domain.
- “quarantine”; the emails are moved to a spam folder.
- “reject”; the receiving server rejects all emails meaning that they won’t reach a recipient.
Check DMARC record
You can check if your domain has an existing DMARC policy with a tool like MX Toolbox.
On the MXToolbox website, select the DMARC Lookup option and enter your domain name.
Click the button next to it to do a lookup.
If your domain has a DMARC policy, you will see it in the Result column.
Set up DMARC
Just like SPF and DKIM, a DMARC record is a TXT record published to the DNS of your domain under name _dmarc.yourdomain.com,
where “yourdomain” is your actual domain name.
Here’s an example of a DMARC record:
v=DMARC1; p=quarantine; rua=mailto:reports@domain.com
- v=DMARC1 – represents a default protocol version
- p=quarantine – email processing policy to apply
- rua=mailto:reports@domain.com – an email address to send DMARC reports to
Here are basic steps you need to follow to set up DMARC:
- Log in to your DNS hosting provider.
- Create a new record and select TXT record type.
- Add host or name value (_dmarc.yourdomain.com).
- Add the DMARC record value.
If you use one of these providers, you can refer to the resources below to set up your DMARC record.
Google Workspace:
Office 365:
Setting up DMARC policy is specific to your own domain and does not involve your Snov.io settings. We don’t have email servers so all emails are sent directly from your email provider. DMARC policy is applied to your domain’s DNS, not Snov.io.
Sorry about that 😢
How can we improve it?