Press enter to see results or esc to cancel.

Ankit Prakash in Transactional Emails
  2 Comments

How to Create DMARC Record in 5 Simple Steps for Your Domain Name

Social internet is on a rise and eCommerce is penetrating at lightening speed. While our web experience has gone from good to awesome, spammers and phishers too had a gala time intruding into our internet privacy! Theft of passwords, bank accounts, manipulating brand names, etc. are just a few proven ways for spammers and phishers to benefit from the loopholes of the internet. Every issue has a solution as well. Spammers and phishers can be effectively blocked by implementing DMARC (Domain-based Message Authentication Reporting and Conformance). You can safeguard your customers, brand name as well as your employees. This blog posts explain how to Create DMARC Record in simple steps.

Create DMARC Record in just 5 simple steps

How DMARC works?

DMARC majorly relies on two authentication protocols: the DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework). SPF and DKIM must be there on your Envelope From and Friendly From domains before the implementation of DMARC. Follow this guide for SPF and DKIM implementation on your sending domain name.

How to Create DMARC Record?

Implementation of DMARC can get tricky at times. However, here’s a step by step guide that will help you to create DMARC Record to your domain name in just 5 steps.

Create DMARC record in 5 steps:

I. Domain Alignment Verification

The first step to create DMARC record is to open all the email headers from the emails that you send. Next task is to identify the domain or subdomain. The domain or subdomain is listed at:

The Envelope From (i.e. Mail-From)
The Friendly From (i.e. Header from)
The d=domain in DKIM-signature

Check if your domain names are identical. If they are identical, then they are aligned. Hence, you can now create instructions for the mailbox provider to block all malicious emails posing to be sent via your brand name.

However, if you don’t find the domain names to be identical, do not panic. You can still create a DMARC record. Only, in this case, you will need IT, and security team to help you.

II. Email accounts Identification

You will get aggregated and forensic reports on a daily basis through your DMARC. Hence, you will need to designate an email specifically for this purpose. You will receive all your reports in this email. You can choose to use two accounts to avoid getting messed up with all the data.

III. Know about DMARC Tags

DMARC tags are the standard DMARC language. They instruct the email receiver:

  • To check the DMARC
  • What to do with those messages that fail the DMARC authentication

There is a host of DMARC tags available, of which you will need just a few. It is advisable to keep it simple. For instance, you can concentrate on tags like v=, fo=, p=, ruf, and rua tags.

Incase you want to read about above DMARC tags; then you can read this guide.

IV. Generate DMARC Text record in your DNS

For every sending domain, you must generate a DMARC record. The mail receiver policy must be set to ‘none’ to complete the process. After doing this, you can now gather all the information on your entire email ecosystem, like who is sending emails on your brand’s behalf, who are receiving them, and which emails are bouncing back.

You must specify your email address in the ruf and rua tags to receive the reports. As an example, your email address should look something like this:

v=DMARC1; p=none; rua=mailto:postmaster@easysendy.com; ruf=mailto:postmaster@easysendy.com; fo=1;

V. Implementing DMARC into DNS

This is the last step to create DMARC record. You will need to work with your DNS administrator. Once your DMARC is added to DNS, you will start receiving reports of the domain you choose to monitor.

You will receive information on the source of email traffic that is using that domain. Probably you will be able to identify certain vendors or partners who are sending emails on your behalf, of which you had no intimidation.

For example, if your domain name is example.com, want to send outgoing emails from email address of format xyz@example.com and you want to receive DMARC reports on email postmaster@example.com; you can add DMARC TXT record like:

  • example.com._report._dmarc.example.com TXT v=DMARC1;
  • _dmarc.example.com TXT v=DMARC1; p=none; rua=mailto:postmaster@example.com; ruf=mailto:postmaster@example.com; fo=1;

As mentioned above, there are 2 DMARC records which need to be updated on domain name example.com.

Note:  Please change the domain domain name [example.com] and email [postmaster@example.com] with your own sending domain name & email, then finally update them on your own domain name.

You can find your domain hosting provider related DNS update tutorials from here.

DMARC helps in eliminating email frauds. So start adding DMARC records asap before your brand name gets stained.

Related posts:

  1. Best Practices To Handle Trial Expiration Email
  2. Best Practices To Handle User Invitation Email
  3. Sending Domain Reputation is the Only Reputation You Have
  4. DMARC is The Reason for Increasing Email Delivery Failure Rate
2 Comments
Written By
Ankit Prakash

Ankit Prakash is principal founder of Aritic. Ankit is a passionate and determined entrepreneur; building successful Internet product since 2006.

Comments

2 Comments

Ernest Thomas
/ Reply

If you are thinking to decrease the count of email frauds, then it is a must read article. Ankit, Thanks a lot for updating the article.

Martha Wright
/ Reply

I like this guide sooo much! The section on “How to Create DMARC Record” is very insightful.

Leave a Comment