DMARC can be setup through your DNS management service by adding a TXT record.
Consideration should be made in constructing the initial DMARC policy to stop existing mail from being accidently quarantined or rejected, so configuring a DMARC audit policy (p=none) initially is always recommended.
To get the most value out of your DMARC deployment careful revisions of unaligned mail reported through the DMARC aggregate reports should be made to ensure all of your domain’s mail conforms to your standards.
Common DMARC tags
|p||Policy for the domain||Yes||p=none, reject, quarantine|
|pct||Messages to be filtered (%)||No||pct=0-100|
What is DKIM & DMARC?
DMARC and DKIM are protocols that assist with email authentication, policy enforcement and reporting.
DMARC (Domain-based Message Authentication, Reporting & Conformance) uses the results generated by SPF and DKIM to make a determination on how to handle received mail that conforms (or doesn’t!) to the sender’s mail standards and provides valuable feedback reports to mail administrators to monitor the health of their outbound mail and domain.
DKIM (DomainKeys Identified Mail) is a special signature added to emails that assist the receiving mail servers verifying the authenticity of the email.
DKIM will stamp an email message with a private key configured by the mail server which should not change during its journey to the recipient. The recipient mail servers verify the authenticity of the email by matching the private key in the email with the public key published to the DNS.
How does DMARC work?
DMARC allows domain owners to suggest actions (reject, quarantine, audit) for receiving mail servers based on the authentication results of either SPF or DKIM.
For mail that has SPF and/or DKIM in alignment, a DMARC enforced policy would not reject or quarantine the mail.
If a domain owner had a DMARC enforced policy and unaligned mail was sent from their domain, mail would be rejected on placed into the recipient’s quarantine or junk folder.
How does DKIM work?
DKIM works by adding a special signature (private key) to outbound emails that can be verified and validate by the recipient through performing a check of the sender’s DNS record (public key).
A change in this private key after the email has been sent would imply the message has been tampered with and should be subject to more scrutiny for receiving email servers.
More questions on how to secure your email?
Get in touch with us today to chat about how you can better protect your email, and your brand.