Domain-based Message Authentication, Reporting & Conformance

What is DMARC?

DMARC is a an email authentication, policy and reporting protocol.

It builds on SPF and DKIM and allows you to protect your domain from fraudulent emails. You can detect and prevent spoofed emails claiming to come from your domain.

Getting Started

If you want to get started with DMARC you already need to have SPF and DKIM in place.

If you're using a hosted mail provider like GSuite, O365, FastMail or others, search online for how to setup SPF and DKIM with those providers. This is generally a simple process that only requires you to set a DNS TXT record for SPF and a CNAME record for DKIM.

Here is our SPF record: 299 IN TXT "v=spf1 ~all"

Here are our DKIM records: 299 IN CNAME 299 IN CNAME 299 IN CNAME

Your records will be different, so please don't copy and paste ours!

Enable DMARC

Once you have SPF and DKIM configured, you can enable DMARC. Enabling DMARC is as simple as creating a single DNS TXT record that contains the policy you would like enforcing on your emails. Here is an example of what that might look like:

v=DMARC1; p=none;

DMARC is very flexible and you can be as strict or relaxed as you like in your policy. There are details on how to configure DMARC here.