DMARC - Domain-based Message Authentication, Reporting and Conformance

What is a DMARC record?

  • A DMARC (Domain-based Message Authentication, Reporting & Conformance) record describes a policy that email recipients (like Gmail, for example) should use to handle security for emails from your domain.

  • It is stored as one of your domain’s DNS Records.

  • DMARC works with SPF and DKIM records to help determine whether an email that appears to have been sent from your domain is legitimate or not. Specifically the DMARC policy determines what to do with emails that fail those SPF and DKIM checks.

Where can I add the DMARC record?

The DMARC record can be added by following these steps:

  • In the SiteHost Control Panel main menu, open DNS Zones followed by your desired DNS Zone
  • Once in your DNS Zone if you scroll to the bottom you should see some empty space to add a new entry
  • Enter the Host Name _dmarc.
  • Select a Type of TXT.
  • Enter the DMARC record (see “What should my DMARC record look like?” below). image2
  • After filling in your entry hit Save Changes
  • Give the record some time to propagate.

What should my DMARC record look like?

If you are a small-to-medium business that doesn’t send a lot of emails (i.e. less than 5000 a day), then you should be OK with a record like this (replace with your email domain):

v=DMARC1; p=none;

To break this down:

v=DMARC1 - This is the version of DMARC this record is implemented for. For now only DMARC1 is valid. p=none - This is where you specify one of the three DMARC policies (none, quarantine, or reject) to apply. The none policy still runs the SPF/DKIM checks on your emails, and they are all still delivered to their intended recipient. The results are merely attached to the headers for the receiving mail server to handle (in Gmail’s case it gets bounced back, while other services would add a SPAM tag for example). sets the address that your DMARC reports will be sent to. Make sure you replace with your own domain.