DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an email-validation system designed to detect and prevent email spoofing. Spoofing is where a spammer uses forged sender addresses, and often used in phishing, extortion and email spam. DMARC is built on top of two existing mechanisms; Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
As a result, DMARC has become an extremely important DNS record that will help protect your domain from being successfully used by spammers for sender or reply-to addresses, potentially damaging your reputation with your clients and others.
-
Log into your DNS control panel. This will most likely be where you host your primary website and domain.
-
We recommend you create a TXT record formed in the following way:
_dmarc.yourdomain.com.au. 3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@yourdomain.com.au; ruf=mailto:dmarc-forensics@yourdomain.com.au; fo=0; adkim=r; aspf=s; pct=100; rf=afrf; ri=86400; sp=quarantine"
-
Depending on the DNS system being used, be sure to include the trailing dots (.) and/or quotation marks ("), otherwise the records may be malformed and may fail. However, if you're using our DNS Manager, follow the instructions there, because trailing dots and quotations marks are not necessary.
You will also need to create two new aliases, forwarders or distribution lists with your mail provider in order to receive your DMARC record reports ...
-
dmarc-forensics@yourdomain.com.au
-
dmarc-agg@yourdomain.com.au
Note: Due to the nature of DNS, your updated DMARC record may take up to 72 hours to propagate.
You can test your new DMARC record using a reliable online tool HERE.
To find out more about DMARC (Domain-based Message Authentication, Reporting & Conformance), click HERE.
IMPORTANT: Having this DNS record in place is not mandatory but is strongly recommended. We may not be able to support you if you do not have this DNS record in place.