- What is a DMARC policy and what is it used for
- Set a DMARC policy
- Verify the correct setting of the DMARC record in DNS
What is a DMARC policy and what is it used for
DMARC is an email authentication protocol that allows a domain owner to specify how recipients should behave if a message they receive is not authentic.
Therefore, DMARC allows a sender to impose certain behaviors on recipient servers for messages that have their domain (From 🙂 if the SPF and DKIM settings are not valid.
The DMARC email authentication system is used to protect against spoofing or phishing attempts sent by unreliable senders. DMARC can produce daily reports in XML format regarding the flow of emails. This helps verify that the servers sending emails on your behalf are legitimate.
Set a DMARC policy
Before activating a DMARC policy for your domain, make sure that the SPF record is set correctly.
Setting up a DMARC record requires you to choose how suspicious emails are handled. Emails are considered suspicious when they don't conform to the domain's SPF and DKIM settings.
Policy options (p) are:
- none: no action is performed on the message;
- quarantine: messages are marked as spam and moved to the Spam folder of LS Suite;
- reject: The recipient server is required to reject the message.
We recommend activating DMARC policies gradually, starting from ‘None', followed by ‘Quarantine' and ‘Reject'.
An example of a DMARC record could look like this:
v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]
This record instructs recipient servers to mark suspicious messages as spam and sends the daily report to the address [email protected]
To apply the above record, it is necessary to create a TXT type record in the domain DNS:
| Record Name | Record Type | Value |
|---|---|---|
| _dmarc.mycompany.com | TXT | v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected] |
LS Suite interprets and applies the DMARC policies set by the sender, but does not include the sending of daily XML reports.
It is also possible to use web tools to create your own DMARC policies: https://www.kitterman.com/dmarc/assistant.html
Verify the correct setting of the DMARC record in DNS
To verify the correct setting of the DMARC record on your domain, you can run the nslookup command from the terminal:
nslookup -q=txt _dmarc.mycompany.com
Which should show, as a result:
_dmarc.mycompany.com text = “v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]
