Domain-based Message Authentication, Reporting & Conformance

What is DMARC?

DMARC is a an email authentication, policy and reporting protocol.

It builds on SPF and DKIM and allows you to protect your domain from fraudulent emails. You can detect and prevent spoofed emails claiming to come from your domain.

Getting Started

If you want to get started with DMARC you already need to have SPF and DKIM in place.

If you're using a hosted mail provider like GSuite, O365, FastMail or others, search online for how to setup SPF and DKIM with those providers. This is generally a simple process that only requires you to set a DNS TXT record for SPF and a CNAME record for DKIM.

Here is our SPF record: 299 IN TXT "v=spf1 ~all"

Here are our DKIM records: 299 IN CNAME 299 IN CNAME 299 IN CNAME

Your records will be different, so please don't copy and paste ours!

Enable DMARC

Once you have SPF and DKIM configured, you can enable DMARC. Enabling DMARC is as simple as creating a single DNS TXT record that contains the policy you would like enforcing on your emails. Here is an example of what that might look like:

v=DMARC1; p=none;

DMARC is very flexible and you can be as strict or relaxed as you like in your policy. There are details on how to configure DMARC here.

Supported report types

Currently, we support only the aggregate feedback reports (rua) and we don't have any plans to implement support for ruf (message-specific failures) reports at present as they can contain samples of the message content itself and this is data we don't wish to store or process. At present, given ruf reports are such low volume, and the nature of the content they can contain, our best advice is to send those directly to your own email.