DMARC

From Acenet Knowledgebase
Revision as of 17:33, 24 December 2016 by Docs admin (Talk | contribs) (How Does DMARC work)

Jump to: navigation, search

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an e-mail authentication method designed to help reduce e-mail abuse. It builds upon the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication methods to provide a more reliable way to exchange email messages.


How Does DMARC work

DMARC standardizes how email receivers perform email authentication. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. This should encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.


Acenet recommends setting up a specific email address for the DMARC feedback reports. You can use either "postmaster@" or possibly "dmarc@" your domain as the mailto address in the DNS record below.

Configuring DMARC in DNS

To enable DMARC, add a TXT record to your domain's DNS zone file.

1) Log into cPanel

2) In the Domains section of cPanel, click Advanced DNS Zone File.

3) Under Select a Domain, select the domain you want to add a record to.

4) Under Add a record, in the Name text box, type _dmarc

5) In the TTL textbox, enter 14400

6) In the Type list box, select TXT

7) In the TXT Data box, enter the DMARC configuration DATA.

Different mail providers handle DMARC policies in different ways. You may have to experiment with various DMARC configurations to find the one that works best for your domain.

Here are some examples of DMARC configuration

  • Enable DMARC monitor mode. With this configuration enabled, the specified e-mail address (in the mailto setting) receives daily reports from providers regarding how many messages were received and whether or not they passed policy checks:
v=DMARC1;p=none;rua=mailto:[email protected]
  • Instruct the recipient to quarantine all messages (100%) that do not pass policy checks:
v=DMARC1;p=quarantine;pct=100;
  • Instruct the recipient to reject half of all messages (50%) that do not pass policy checks. The remainder should be quarantined:
v=DMARC1;p=reject;pct=50;

8) Click Add Record.


Testing your DMARC DNS record

After adding the DNS TXT record for DMARC, please allow a few hours for DNS Propagation.

Microsoft Windows

Type nslookup at a command prompt. At the nslookup> prompt, type the following commands, replacing example.com with the actual domain name. 

set type=txt
_dmarc.example.com

You should see output that resembles the following 

_dmarc.example.com       text =
     "v=DMARC1;p=none;rua=mailto:[email protected]"
Linux and MAC OS X

Type the following command at the command prompt. Replace example.com with your own domain name: 

dig +short txt _dmarc.example.com

You should see output similar to the following. 

"v=DMARC1; p=none; rua=mailto:[email protected]"
Retrieved from "https://kb.acenet.us/index.php?title=DMARC&oldid=2188"