
Top 10 DMARC Rules You Should Follow in 2022


If you’re new to email authentication and to using a DMARC analyzer, there are a few DMARC rules you should start following today; they can prove to be a game-changer in your email authentication journey. To summarize a few of the most basic rules:

1. Don’t use a policy that allows no authentication

4. Set up SPF records for your domain(s) as well

5. Set up DKIM signature for your domain(s)

Now let’s delve deeper and explore these DMARC rules along with others, to help you strengthen your overall authentication infrastructure. 

We’ve all heard about DMARC, but what is it?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s an email security protocol that helps ensure your email is authenticated before it is delivered to minimize domain forgery. It was created with the goal of preventing phishing attacks and other email attacks by verifying that the sender of an email is who they say they are.

How do you use DMARC?

It’s simple! First, you set up your domain’s DNS records to indicate that you want to use DMARC. Then, if someone tries sending an email from your domain without using DMARC, they won’t be able to send it unless they have a public key associated with their domain—which is only possible if they’re authorized. This ensures that only legitimate emails will reach recipients’ inboxes, while also allowing people to set up notifications for messages that come from outside their network.

The process works as follows: 

  • A sender sets up a DMARC record for their domain, along with an SPF record, and enables DKIM signing (optional but recommended) in their DNS records.
  • When an email is sent from that domain, it contains a header with information about what settings were used and what they were set to. Receivers such as Gmail can use this header to check whether or not the message was sent according to the expected format.
  • If there is an issue with any of these settings, the message is flagged as either failing or soft-failing, depending on whether or not this was intentional on the sender's part; if it was, they may choose to ignore it altogether until they have fixed whatever caused it.

One thing we love about DMARC is how easy it is to set up—it can be done in just a few steps!

DMARC Rules 101 for Businesses 

When you’re setting up a DMARC policy, there are a few rules you should follow. Here is a list of the top 5 most important DMARC rules:

  1. The policy must be a TXT record, and it must be published on your DNS. If you don’t have a TXT record in your DNS, you have not implemented the protocol.
  2. The policy should be p=reject or p=quarantine if you want to block messages that aren’t authenticated. 
  3. If you’re using multiple policies and setting up different levels of authentication for each one (like “my brand” vs “my organization”), make sure they all have unique SPF records and DKIM signatures! Otherwise, they’ll all get lumped together under one rule and won’t sync well.
  4. DMARC also requires you to set up SPF and/or DKIM records for your domain. This rule is mandatory even if you don’t want to use DMARC because it helps prevent spoofing attacks where an attacker can use someone else’s email address or domain name to send phishing emails that appear legitimate but aren’t actually from an authorized source.
  5. Another important DMARC rule requires you to publish a DMARC record containing your email address so that other organizations can report any issues related to your emails using this system. These are known as DMARC reports. 

Additional DMARC rules for enhanced protection

  1. Consider setting up a DMARC policy for your parked domains (inactive domains) since even they can be spoofed by attackers to successfully impersonate your brand. 
  2. Setting up multiple SPF or DMARC records for the same domain is strictly discouraged. A single domain should contain only one SPF and DMARC record. However, you may choose to configure more than one DKIM record for the same domain to enable periodic key rotation for better protection.  
  3. You can skip setting up a policy for your subdomains unless you wish to implement a different mode of enforcement for them. This is because the DMARC policy of your main domain is automatically inherited by its subdomains.
  4. If you want to receive DMARC reports outside your domain (on an external email address that doesn’t fall within the scope of your own domain) you need to enable external domain verification to tell servers that the external domain consents to receiving those reports. 
  5. Finally, it is important to note that DMARC is no silver bullet and doesn’t protect you against all attacks. You do need to have a reliable antivirus and firewall in place along with DMARC to scale up your security. 
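
The record-level rules in the two lists above (one TXT record at _dmarc, an enforcing p= value, a rua= reporting address, and verification of external report destinations) can be checked mechanically. The following Python linter is an added example, not PowerDMARC's code; the ZONE data, the function names and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example: offline lint of DMARC TXT records against the rules above.
# ZONE is constructed sample data (DNS name -> TXT strings), not real DNS output.
ZONE = {
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@reports.example.net"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; rua=mailto:agg@example.org",
                           "v=DMARC1; p=none"],
    "_dmarc.parked.example": ["v=DMARC1; p=reject; rua=mailto:d@vendor.example"],
    "parked.example._report._dmarc.vendor.example": ["v=DMARC1"],
}

def is_dmarc(txt):
    return txt.replace(" ", "").lower().startswith("v=dmarc1")

def parse_tags(txt):
    """Split 'v=DMARC1; p=none; ...' into a dict of tag -> value."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def org_domain(name):
    # Assumption: last two labels; production code needs the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def lint_dmarc(domain, zone):
    """Return a list of findings for `domain`; an empty list means no issues."""
    records = [t for t in zone.get("_dmarc." + domain, []) if is_dmarc(t)]
    if not records:
        return ["no DMARC TXT record at _dmarc." + domain]
    if len(records) > 1:  # receivers apply no DMARC policy in this case
        return ["multiple DMARC records; receivers will not apply any of them"]
    tags, findings = parse_tags(records[0]), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; unauthenticated mail is not blocked")
    if "rua" not in tags:
        findings.append("no rua= address; aggregate reports will not be received")
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if not uri.lower().startswith("mailto:"):
            continue
        dest = uri[7:].split("!")[0].rsplit("@", 1)[-1].lower()
        if org_domain(dest) == org_domain(domain):
            continue  # same organization: no external verification needed
        auth = f"{domain}._report._dmarc.{dest}"
        if not any(is_dmarc(t) for t in zone.get(auth, [])):
            findings.append(f"{dest} has not authorized reports: no TXT at {auth}")
    return findings
```

Calling lint_dmarc("example.com", ZONE) flags both the monitoring-only policy and the unauthorized external report destination, while lint_dmarc("parked.example", ZONE) returns an empty list because the vendor domain publishes the matching authorization record.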

At which stage of your authentication process should you implement these DMARC rules?

If you’re just starting out, you do not need to abide by all of the above-mentioned DMARC rules at the very beginning of your authentication process. For example, starting with a p=reject policy may cause deliverability complications. Instead, it is recommended that you start with a none policy to monitor your email channels before committing to enforcement.

Here’s where matters may get a little complicated. It is crucial that you determine a pace that works best for you and your business. Start slowly by implementing relaxed policies for your protocols so you can have complete control over them until you’re ready to opt for enforcement.

Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
June 22, 2022/by Ahona Rudra