• Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
    • Reputation Monitoring
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Become a Partner
  • Resources
    • DMARC: What is it and How does it Work?
    • Datasheets
    • Case Studies
    • Blog
    • DMARC Training
    • DMARC in Your Country
    • DMARC by Industry
    • Support
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

How to Configure DMARC?

Blogs
How to configure DMARC

DMARC is a protocol that helps prevent email fraud and phishing attacks by verifying the authenticity of incoming messages. To configure DMARC, create a DMARC record, choose a policy, configure SPF and DKIM, monitor DMARC reports, and adjust the policy as needed. The DMARC record specifies the policy for handling emails that fail authentication checks, and the policy can be set to none, quarantine, or reject. SPF and DKIM should be configured for your domain to ensure that your emails pass DMARC checks. 

It’s important to regularly monitor DMARC reports and adjust the policy as needed to improve email authentication and protect your domain from fraud and phishing attacks.

What is a DMARC TXT Record?

DMARC is configured in TXT format that is published on your DNS. It validates the source of email messages by checking the From address against the address of the reported owner of the sending domain. The recipient’s server handles incoming emails depending on the verification results. You can set the record to take no action against unauthorized emails, quarantine them, or completely reject their entry to the mailbox.

A published DMARC record is also responsible for sending reports to the owner with data about all the emails seen from their respective domain.

Steps to Configure DMARC

To configure DMARC, you need to form a DMARC TXT record and publish it on DNS. if you own a custom domain or deploy on-premises Exchange servers, you have to know how to configure DMARC manually for all the outbound emails sent from your domain. The usual steps involved in the process are:

Step 1: Identify Valid Sources of Mail for Your Domain

If you have already implemented SPF, you must be aware of this drill. But you need to consider a few more points to configure DMARC for email authentication.

  • See which all IP addresses are allowed to send emails using your domain.
  • Check if the 5321.MailFrom and 5322.From (domains match for all the messages sent by third-party vendors on your behalf. 

Step 2: Set Up SPF For Your Domain

Once you have made a list of all valid IP addresses that are allowed to send emails using your domain, set up SPF to avert phishing and spoofing attacks in your company’s name.

Step 3: Set Up DKIM For Your Custom Domain (optional but recommended)

Now that you have set up SPF, you need to set up DKIM as well to configure DMARC record. DKIM helps you add a digital signature to email headers. If you don’t reset DKIM configurations for your domain, there can be a DMARC failure as there will be a mismatch between the 5321.MailFrom and 5322.From addresses.

DMARC will also fail for emails sent by third-party vendors if the 5321.MailFrom and 5322.From addresses aren’t the same. You need to align your domain specifically with a third-party sender to avoid DMARC failure. This way, recipients’ servers don’t mark your emails as suspicious, which otherwise could impact the email deliverability rate. 

Step 4: Form the DMARC TXT Record For Your Domain

The next step to take to configure DMARC is to create your DMARC TXT record in the following format:

_dmarc.domain  TTL  IN  TXT  “v=DMARC1; p=policy; pct=100”

Where:

  • domain is the domain you have to implement DMARC to. By default, the DMARC record shields mail from the domain and all the subdomains. 
  • TTL has to be equivalent to one hour, which means you can set it to either hour (1 hour), minutes (60 minutes), or seconds (3600 seconds). It will depend on your domain registrar’s preference.
  • pct specifies that these DMARC rules are to be applied to 100% of emails.
  • Policy indicates how you want recipients’ mail servers to handle unauthenticated emails sent from your domain. You can set it to none, quarantined, or reject. Click here to read more about DMARC policies.

You can use our free DMARC record generator tool to create a record you can publish on your DNS. it automatically generates it so that you don’t have to do it manually. All you have to do is set a policy (none, quarantine, or reject) and choose your protocol alignment modes. 

Post forming your record, the next step is to update it at your domain registrar.

Step 5: Add DMARC Record to DNS

Go to your DNS and select your domain. Then, click on Add to create a new DNS record. Also ensure, that you don’t have multiple records added. Enter the TXT values in the columns and save. Don’t forget to validate and monitor it from time to time using a DNS TXT record lookup tool. It reveals syntax or configuration errors and remediates them easily.

Final Words

Understanding how to configure DMARC helps you stay out of the reach of phishers and scammers as they exploit email messages by impersonating senders. To implement the DMARC protocol, you need to create a TXT record to be added to DNS. This is easy to generate using free tools where you have to select the policy, alignment mode, add the email address where you want to receive reports, and then add it to your DNS.

Configure DMARC

  • About
  • Latest Posts
Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
Latest posts by Ahona Rudra (see all)
  • Web Security 101 – Best Practices and Solutions - November 29, 2023
  • What is Email Encryption and What are its Various Types? - November 29, 2023
  • DMARC Black Friday: Fortify Your Emails This Holiday Season - November 23, 2023
February 27, 2023/by Ahona Rudra
Tags: Configure DMARC, Configure dmarc record, How to configure DMARC
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail
You might also like
dmarc setup blogDMARC Setup: DMARC Setting and Configuring Guide

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • Web Security 101 - Best Practices and Solutions
    Web Security 101 – Best Practices and SolutionsNovember 29, 2023 - 4:52 pm
  • What-is-Email-Encryption-and-What-are-its-Various-Types
    What is Email Encryption and What are its Various Types?November 29, 2023 - 12:39 pm
  • Configure DMARC
    DMARC Black Friday: Fortify Your Emails This Holiday SeasonNovember 23, 2023 - 8:00 pm
  • Google and Yahoo New Requirements 2024
    Google and Yahoo Updated Email Authentication Requirements for 2024November 15, 2023 - 3:23 pm
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
Reputation Monitoring
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
Malware-as-a-Service (MaaS): What is it and How to Prevent it?What is Malware as a Service MaaS2021 scamsTop 5 Evolved Email Fraud Scams: 2023 Trends
Scroll to top