What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. Spammers can forge the “From” address on messages so the spam appears to come from a user in your domain.
DMARC ensures these fraudulent emails get blocked before you even see them in your inbox. In addition, DMARC gives you great visibility and reports into who is sending email on behalf of your domain, ensuring only legitimate email is received.
What are the benefits of implementing DMARC?
DMARC is a key component of a brand‘s email security and deliverability strategy as it enables:
- Visibility - Monitor emails sent using your domain to ensure they are properly authenticated using SPF and/or DKIM.
- Brand Protection - Block spoofed messages that might damage your brand‘s reputation with customers.
- Security - Prevent users from falling victim to phishing scams that could compromise your organization‘s security.
How does it work?
DMARC is based on a DNS TXT record that is added to the _dmarc subdomain of your domain. The format and values of the record defines your DMARC policies as well as where you would like to receive reports. A typical DMARC record looks like this:
v=DMARC1; p=none; pct=100; rua=mailto:email@example.com; sp=none; aspf=r;
Here is a quick description of the tags:
The important tags are
pct= when it comes to controlling how ISPs accept your email. The
p= record can be set to quarantine, reject or none. ISPs that support DMARC will look up the results of your DKIM and SPF records for messages they receive for your domain. If SPF and DKIM are not aligned, the messages can be quarantined (sent to junk folder) or rejected completely. The
pct= allows you to define how many messages you would like to be filtered based on the DMARC results. And finally, the
rua= tag is the email address where you would like to receive reports.
How can I implement DMARC for my domain?
DMARC is extremely powerful as a tool to stop email spoofing. At the same time, it’s highly complicated and risky to implement. If you set a DMARC policy without knowing all of your email sources (mailboxes, email marketing, CRM, transactional email, server alerts, etc) you could potentially reject legitimate emails.
When setting up the contact email address for your Zapnito community, we will work with you to ensure that SPF and DKIM are setup correctly for your domain. Once this is done, Zapnito will be listed as a valid source.
It is recommended that you first set your DMARC policy to
p=none. This will allow you to receive reports on the sending sources of your emails and slowly align all outgoing email with DKIM and SPF for your domain.
To learn how to setup and implement DMARC for your domain, please refer to this guide.