Setting up a DMARC Policy

Written by Liz Gannes
Updated over a week ago

This article discusses everything you need to know about DMARC policy, why it is important to have one in place, and how to go about setting up a DMARC policy.

What is a DMARC policy?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that a domain (or website) publishes in its public Domain Name System (DNS) to let a receiving mailbox provider know how email sent from that domain should be authenticated and whether it should be delivered to the spam folder or rejected if it fails that authentication.

DMARC was first introduced to protect domains from being the victims of spoofing and phishing.

Why do I need a DMARC policy record?

Recently, Yahoo! and Google announced that starting in February of 2024, they will tighten requirements on inbound emails to their users. One of these requirements is that all emails sent to their users must come from a domain that is authenticated and has a published DMARC policy.

A DMARC policy is also good for your brand, as a strong policy will protect your brand from phishing attacks. If you want to do a quick check to see if your domain already has a DMARC policy in place, you can do a lookup here.

How do I create a DMARC record?

The type of DMARC policy to set depends on a lot of factors. If you’re just looking to get a DMARC policy published to comply with the new requirements, Mailmunch recommends that the following TXT record be added to your DNS settings:

Hostname: _dmarc.yourdomain.com

Value: v=DMARC1; p=none;

For a DMARC record, the hostname will always start with “_dmarc.” followed by your domain. This is standardized so that the receiving mailbox providers can easily look up if you have a record.

The “p=” tag within the Value is what tells the receiving server what to do if the message fails a DMARC alignment check. There are three possible values:

  • none - Does not specify what to do with failures.

  • quarantine - Tells the receiving server to put unsigned or failed emails into the junk folder.

  • reject - Tells the receiving server to bounce unsigned or failed emails back to the sender.

This is just a “bare necessities” type of record. We strongly recommend that you check out DMARC.org and opt for a stricter DMARC policy for your domain.

How do I publish my DMARC record?

Once you have your DMARC record, you will need to add it to your DNS settings with your hosting provider.

Every provider has a slightly different interface, so you’ll need to log in and follow the support prompts there.

Once you find where you need to enter the information, add the following record:

  • Record type: TXT (some interfaces may call it DMARC)

  • Hostname: _dmarc.yourdomain.com

  • Value: v=DMARC1; p=none;

Some hosting providers automatically add your domain to the record, in which case you’ll only need to enter “_dmarc” for the hostname.
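
The checks described above (the “_dmarc.” hostname, the three “p=” values, and the doubled domain that results when a provider appends it for you) can be run on a record before you save it. This is an added example, not Mailmunch's own code; the function names and sample inputs are made up for illustration, and it only inspects the strings you pass in without doing a DNS lookup.

```python
# Added example: lint a DMARC TXT record using the rules from this article.
# Function names and sample inputs are illustrative; no DNS lookup is done.
ALLOWED_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(value):
    """Split a DMARC TXT value such as 'v=DMARC1; p=none;' into {tag: value}."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # a trailing ';' leaves an empty piece
            continue
        name, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = val.strip()
    return tags


def lint_dmarc(hostname, value, domain):
    """Return a list of problems; an empty list means the record looks usable."""
    problems = []
    host = hostname.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    expected = f"_dmarc.{domain}"
    if host == f"{expected}.{domain}":
        # The provider appended the domain itself, so the name was doubled.
        problems.append("domain appended twice: enter only '_dmarc' as the hostname")
    elif host != expected:
        problems.append(f"hostname should be {expected}")
    try:
        tags = parse_dmarc(value)
    except ValueError as exc:
        return problems + [str(exc)]
    # The version tag has to come first and is case-sensitive.
    if value.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        problems.append("record must start with v=DMARC1")
    policy = tags.get("p")
    if policy is None:
        problems.append("missing p= tag")
    elif policy.lower() not in ALLOWED_POLICIES:
        problems.append(f"unknown policy p={policy}")
    return problems


if __name__ == "__main__":
    print(lint_dmarc("_dmarc.yourdomain.com", "v=DMARC1; p=none;", "yourdomain.com"))
    print(lint_dmarc("_dmarc.yourdomain.com.yourdomain.com", "v=DMARC1; p=reject", "yourdomain.com"))
```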

How is DMARC alignment checked?

There are two ways to pass a DMARC check. Messages can be DMARC aligned either by DKIM or SPF:

  • DKIM alignment: The “From” domain must match the domain found in the DKIM signature, and the DKIM signature must pass. Within Mailmunch, this can be accomplished by verifying DKIM Records.

  • SPF alignment: SPF alignment for DMARC requires that the message header domain matches the “From” domain. SPF alignment isn't possible when sending through Mailmunch. All of the emails sent from our platform will, however, pass an SPF check.
