DMARC is a protocol for monitoring and controlling the e-mail flows of a mail domain.
Ready to set up your first DMARC record?
In order to fully benefit from DMARC, simply set up a DMARC record in your DNS zone:
- Hostname : _dmarc.yourdomain.com
- Type : TXT
- Value : several possible values
Typically, it should not take more than 5 minutes to set up this record. The aim of this article is to present various possible values for your DMARC record that can assist your organization in fulfilling its security, legal, and control requirements.
Examples of common DMARC records:
If you wish to receive reports concerning the senders of emails that utilize your domain name, along with samples of emails sent with your domain name that do not pass their SPF or DKIM authentication tests:
v=DMARC1; p=none; rua=mailto:yourmail@yourdomain.com; ruf=mailto:yourmail@yourdomain.com; fo=1;
If you desire to receive reports regarding the senders of emails that use your domain name, but you prefer not to receive samples of emails sent with your domain name in order to avoid storing any personal data (such as email addresses and subjects):
v=DMARC1; p=none; rua=mailto:yourmail@yourdomain.com;
If you prefer for emails that have not been authenticated by your organization to be delivered to your recipients' spam folders:
v=DMARC1; p=quarantine; rua=mailto:yourmail@yourdomain.com;
If you don't want your recipients to receive emails that are not authenticated by your organization:
v=DMARC1; p=reject; rua=mailto:yourmail@yourdomain.com;
If you wish to prevent unauthenticated emails from being delivered to your recipients when they are sent from your top-level domain, but you are willing to permit the receipt of unauthenticated emails when they are sent from subdomains:
v=DMARC1; p=reject; sp=none; rua=mailto:yourmail@yourdomain.com;
If you prefer to prevent unauthenticated emails from being delivered to your recipients by your organization, but you desire for them to receive unauthenticated emails from a specific subdomain.
Set up a DMARC monitoring policy on the "subdomain" not to be monitored:
- Hostname : _dmarc.subdomaindobeprotected.yourdomain.com
- Type : TXT
- Value : v=DMARC1; p=none; rua=mailto:yourmail@yourdomain.com;
If you want your recipients to receive only 30% of your organization's unauthenticated emails in their spam folder:
v=DMARC1; p=quarantine; pct=30 ; rua=mailto:yourmail@yourdomain.com;
This DMARC record enables the gradual implementation of DMARC in "quarantine" mode, by mitigating the risks associated with potentially unidentified legitimate email sources identified during DMARC report analysis.
If you want to partition your suppliers so that they can only send e-mails to the subdomain they have been assigned:
v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:yourmail@yourdomain.com;
If you use Jira, please note that Jira truncates text containing "mailto:" URLs. To ensure proper display, always utilize the {code} tag when inserting code into Jira tickets.
Monitoring DMARC reports: a regular task over time
Setting up these DMARC records will allow you to receive a large number of DMARC XML reports like this one:
After implementing DMARC in "blocking" mode, it is essential to regularly analyze DMARC reports to verify that all legitimate email sources have been authenticated using SPF/DKIM. The SPF/DKIM/DMARC mechanism requires consistent and meticulous maintenance. Therefore, our system utilizes statistical analysis and machine learning techniques to automatically identify new legitimate sources that require SPF and DKIM authentication. Additionally, it detects any attempts to spoof your domain names. To ensure proactive monitoring, you have the option to configure real-time alerts that will promptly notify you of these events. This empowers you to take immediate action, mitigating the risks associated with unauthorized access and fraudulent activities.
To enhance your convenience, we have implemented a managed and user-friendly service specifically designed to assist you in analyzing these reports.