How to enable DMARC on your domain

To enable DMARC on your domain add the following TXT record to your domain DNS.

Hostname: _dmarc.YOURDOMAIN.com
Time to live (TTL): lowest possible
Record type: TXT
Value: v=DMARC1; p=none; rua=mailto:YOUR-CHOSEN-EMAIL@YOURDOMAIN.COM
_(Please use an administrator email address that you choose to receive DMARC reports to.)_

We also recommend using an aggregator to help filter the content of these emails that will be returned. The top reporting aggregators we have found are:

  1. dmarcian (http://dmarcian.com)
  2. 250OK (http://250OK.com)
  3. Agari (http://agari.com)

This is based on our experience and based on suggestions from https://dmarc.org/resources/products-and-services/

Tagged:

Comments

  • edited January 22

    I have enabled DMARC as per this guide and have a record like this:

    "v=DMARC1; p=none; rua=mailto:email@thexyz.com"

    Problem is, I am still seeing some spoofed emails coming through. How can I stop these? Do I need to block non SPF verified emails from going through?

  • Thanks for your interest in getting setup with DMARC. Based on the record you have set up, the policy shows as "p=none". This means that when a message comes through that doesn't align with SPF, it takes no action.

    I would recommend changing that to "p=quarantine", which will send these emails to spam. At which point you can notify your staff that these emails will be going to junk.

Sign In or Register to comment.