How to Setup DMARC and DKIM

Mar 15, 2020 | Email Security

DMARC can be setup through your DNS management service by adding a TXT record.

Consideration should be made in constructing the initial DMARC policy to stop existing mail from being accidently quarantined or rejected, so configuring a DMARC audit policy (p=none) initially is always recommended.

To get the most value out of your DMARC deployment careful revisions of unaligned mail reported through the DMARC aggregate reports should be made to ensure all of your domain’s mail conforms to your standards.

Common DMARC tags

Tag Name Purpose Required? Example
v Protocol version Yes v=DMARC1
p Policy for the domain Yes p=none, reject, quarantine
pct Messages to be filtered (%) No pct=0-100
rua Reporting URI No

What is DKIM & DMARC?

DMARC and DKIM are protocols that assist with email authentication, policy enforcement and reporting.

DMARC (Domain-based Message Authentication, Reporting & Conformanceuses the results generated by SPF and DKIM to make a determination on how to handle received mail that conforms (or doesn’t!) to the sender’s mail standards and provides valuable feedback reports to mail administrators to monitor the health of their outbound mail and domain.

DKIM (DomainKeys Identified Mail) is a special signature added to emails that assist the receiving mail servers verifying the authenticity of the email.

DKIM will stamp an email message with a private key configured by the mail server which should not change during its journey to the recipient. The recipient mail servers verify the authenticity of the email by matching the private key in the email with the public key published to the DNS.

How does DMARC work?

DMARC allows domain owners to suggest actions (reject, quarantine, audit) for receiving mail servers based on the authentication results of either SPF or DKIM.

For mail that has SPF and/or DKIM in alignment, a DMARC enforced policy would not reject or quarantine the mail.

If a domain owner had a DMARC enforced policy and unaligned mail was sent from their domain, mail would be rejected on placed into the recipient’s quarantine or junk folder.

How does DKIM work?

DKIM works by adding a special signature (private key) to outbound emails that can be verified and validate by the recipient through performing a check of the sender’s DNS record (public key).

A change in this private key after the email has been sent would imply the message has been tampered with and should be subject to more scrutiny for receiving email servers.

More questions on how to secure your email?

Get in touch with us today to chat about how you can better protect your email, and your brand.

Contact Us

Ready for simple, ethical and transparent IT?

The problems of yesterday shouldn’t be the priorities of today.

Make IT a driving force for your organisation’s mission and vision.


1300 004 555



532 City Road, South Melbourne VIC