Introduction

This is a basic guide on how to craft a DMARC record for your domain. For more extensive information, reference the dmarc.org site. Below shows the anatomy of a DMARC record in an effort to show what options are available and what to use in crafting a new DMARC record.

We would also like to mention that DMARC records are "all-for-one", in that, they would apply to all emails for the domain. Please use caution when crafting a new record.

How to check 

Visit this website and enter your domain name, https://mxtoolbox.com/ , then click "mx lookup"

Sample:

v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com.au

; ruf=mailto:dmarc-reports@yourdomain.com.au

Procedure

DMARC works in conjunction with SPF and DKIM to help ensure legitimate email authenticates in the correct manner. This is done by settings a policy on what do so with emails that do match the DMARC record settings.

A sample DMARC record for a test domain: cptest@domain.tld

Raw DMARC TXT record:

_dmarc.domain.tld. 897 IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@domain.tld; ruf=mailto:dmarc-reports@bounces.domain.tld"

This record contains the following information:

record name: _dmarc.domain.tld.
Protocal version: (v) - v=DMARC1
Policy: (p) - p=quarantine
Percentage of messages for filtering: (pct) - pct=100
Reporting URI for aggregate reports: (rua) - rua=mailto:dmarc-reports@domain.tld
Reporting URI for forensic reports: (ruf) - ruf=mailto:dmarc-reports@bounces.domain.tld

In the above example, the DMARC records would cause the receiver to quarantine all email messages that are non-aligned with the SPF and/or DKIM record of the domain 100% of the time. And send a report to the two email addresses for analysts.

DMARC has more options that can be used than the above. For a full list, we recommend reviewing the "Anatomy of a DMARC resource record in the DNS" section of the dmarc.org webpage.

https://dmarc.org/overview/

Searching for the domain from this third-party site will show any current settings, as well as more detailed information regarding the DMARC options.

https://dmarcian.com/dmarc-inspector/

The DMARC record needs only be placed on the authoritative DNS servers and is a DNS TXT record.

If your nameservers are on cPanel servers, then you can add the record to the server using the WHM DNS Manager.

Or you can add it as a TXT record on third-party nameservers like Amazon Web Services (AWS).

 

Ref: https://support.cpanel.net/hc/en-us/articles/360055638973-How-to-build-a-DMARC-record

Ref:

How do I craft a specific DMARC Record?

Firstly, here is an example of what a DMARC record might look like.

"v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@mydomainname.com"

What does this all mean?

  • is equal to the protocol version
  • p is equal to the policy for the domain name
  • pct is equal to the percentage of messages that should be subject to filtering
  • rua determines where any reports should be sent to (aggregated reports).

There are a couple of more advanced options, that are not included in this simplified example.

  • ruf determines where “forensic reports” should be sent to.
  • sp is the policy for sub-domains
  • adkim sets the alignment mode for DKIM
  • aspf sets the alignment mode for SPF

The easiest way to create your own DMARC record is to use the generator in cPanel, to copy the above example and simply change the email address that reports will be sent to.

Bu cavab sizə kömək etdi? 0 istifadəçi bunu faydalı hesab edir (0 səs)

Ən məşhur məqalələr

SPF Records / DKIM

Introduction Most email providers require your domain to contain an SPF and DKIM record to...