How to set up DMARC record for your domain

Taras Mykhailenko

1 year ago

After reading this tutorial, you’ll learn about DMARC records and how to set them up in your domain settings to improve your domain health when using cold email software.

Before setting up DMARC, ensure that SPF and DKIM records are already configured and have been active for at least 48 hours.

DMARC record explained

How to set up DMARC record

How to check DMARC record

How to view DMARC reports

A DMARC record is an email security protocol that helps servers and providers verify emails from your domain.

Reasons to set up DMARC:

DMARC record improves your domain’s security and email deliverability.

It protects your domain from spoofing and ensures your emails pass authentication checks.

DMARC record explained

When you send emails from your domain, a DMARC record helps receiving servers verify that your emails are properly authenticated using SPF and DKIM.

DMARC also defines how recipients should handle emails that fail SPF and DKIM checks. There are three options:

“None”: The receiving server accepts all emails. It tells the receiving side to take no action when emails fail SPF and DKIM check.
“Quarantine”: The emails that failed authentication are moved into a spam folder.
“Reject”: The receiving server rejects all emails that doesn’t pass authentication.

Here’s an example of the DMARC record: “v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; pct=50”

In this example (note that the actual DMARC record you use may differ):

v=DMARC1: Specifies the DMARC version being used.
p=quarantine: Instructs receiving servers to quarantine emails that fail DMARC checks.
rua=mailto:dmarc-reports@example.com: Sets the email address where DMARC reports will be sent.
pct=50: Applies the DMARC policy to 50% of emails.

The”rua=mailto:” parameter activates DMARC reporting and specifies the email address(es) where DMARC reports should be sent.

Don’t use a regular email address for this purpose. Set up a dedicated mailbox, such as dmarc-reports@your-domain.com.

These reports are generated automatically and sent to this email address. (For more details, see the “View DMARC reports” section of this article.)

How to set up DMARC record

DMARC is added as a record in your domain’s DNS settings.

Step 1: Create a new record in domain settings

Log in to your domain hosting account (e.g., GoDaddy, Namecheap, Google Domains), where you purchased your domain. Then, go to the DNS management section to access your domain settings.

Create a new record and select TXT type.

If your domain provider is Namecheap:

Log in to your Namecheap account.
Open Domain list menu and choose your domain.
Click on the Manage button next to your domain.
Go to the Advanced DNS tab from the top menu.
Click Add new record –> choose TXT record.

If your domain provider is Cloudflare:

Log in to your Cloudflare account and select your domain.
Go to the DNS tab.
Click Add record –> select TXT type.

If your domain provider is Godaddy:

Log in to your Godaddy account.
Go to Domains page, select the domain and click Manage DNS.
Click Add record –> select TXT type.

If your domain provider is Google Domains:

Log into your Google Domains account.
Choose the domain and click the Manage button next to it.
On the left side menu, choose the DNS section.
Click Manage custom records button.
Click Add new record and select TXT type.

Step 2: Add DMARC parameters

Add the DMARC parameters to a newly created domain record.

In the Name or Host field, enter “_dmarc.yourdomain.com”. Just replace “yourdomain” with your actual domain address.

In the Value or Content field, enter the DMARC value.

Example: v=DMARC1; p=quarantine; rua=mailto:your email address for DMARC reports; pct=90

Click Save to update your domain settings.

How to check DMARC record

To ensure your DMARC record is correctly configured and has propagated in DNS, perform a quick test in your email account settings. To do it, go to your email accounts list and open the settings of the account under the relevant domain (click Edit icon).

Before checking DMARC, wait approximately 48 hours after making changes to ensure they are fully applied to your domain settings.

Go to the Optional settings section, select the Domain health tab, and click Check health. After the check is complete, you’ll see the status of your DMARC record (along with other DNS records). A “valid” status means your record is correctly set up and active. If there’s an issue, the check will flag it. To see more details, click on the record in the results box.

For personalized in-app instructions on fixing your DMARC record, perform a deliverability test and review details in the Issues to fix section.

How to view DMARC reports

DMARC reports are automated emails that provide details about messages sent from your domain and help detect security or email authentication issues.

Why review DMARC reports:

1) Track the percentage of emails from your domain that pass DMARC checks.
2) Know which IP addresses or email servers send emails on your behalf.
3) Detect emails from your domain that are failing authentication.

4) Understand how receiving servers handle emails from your domain that fail SPF and DKIM checks.

Receive DMARC reports

DMARC reports are automatically sent from recipient servers to the email address specified in your DMARC record.

Make sure the email address specified in your DMARC record has enough storage to keep incoming reports. This is why it’s recommended to create a separate new mailbox.

To receive and view DMARC reports, you need to set up a DMARC record for your domain. Ensure it includes the “rua=mailto:” tag with the appropriate email address.

For example: “v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; Without this parameter, reports will not be sent.

Find and download DMARC reports

While your email campaigns are active, regularly check your inbox for daily DMARC reports.

Look for email reports corresponding to the dates of your active campaigns. These emails have attachments in XML format containing DMARC report.

Download the attached file to your computer.

Review DMARC reports

DMARC reports in their raw form can be complex for most users to understand. To make the data more accessible and easier to interpret, use DMARC report analyzers that you can find online.

These tools convert the report into a readable format or a dashboard, providing insights and helping identify issues that need attention. Upload your XML file to your chosen tool.

Data in DMARC report

<report_metadata>:

Metadata about the report, such as the company name, report ID, and the date range covered in the report.

<policy_published>:

The DMARC policy active for your-domain.com.

<record>:

Details for email senders used by your domain:

- - <source_ip>: The IP address of the email sender.
  - <count>: Number of emails from this sender.
  - <policy_evaluated>: Indicates the policy checked (e.g., reject, none) and the results of DKIM and SPF checks.
  - <auth_results>: The statistics of DKIM and SPF checks.

Examples of issues found in DMARC report

Example 1: Sender IP:

SPF check failed and DKIM passed. This could indicate a mistake in SPF records or an unauthorized IP sending emails on behalf of your-domain.com.

Example 2: Sender IP:

Both SPF and DKIM checks failed for emails sent from spam-domain.com. This means a potential attempt to impersonate your-domain.com.

Issues to fix

Example 1: Verify the SPF record for your-domain.com and ensure all sending servers you use are included. This will usually be your email provider’s servers.

Example 2: Investigate the harmful sender IP and take actions to block it. Set DMARC policy to rejectto prevent such emails from reaching recipients.