How to Create and Add a DMARC DNS Record

What is a DMARC record?

In simple terms, DMARC is an email authentication protocol designed to combat cyberattacks. It leverages standard protocols such as SPF and DKIM to detect spoofing, where attackers impersonate legitimate organizations. By safeguarding against spoofing, DMARC plays a critical role in protecting organizations and their customers.

How does DMARC help?

By preventing phishing and spoofing attacks, DMARC safeguards your domain from being exploited for malicious purposes and stops impostors from impersonating your company. Alongside SPF and DKIM, DMARC signals to email providers that your organization is credible and not fraudulent. This boosts your email deliverability and can prove especially beneficial when sending newsletters or other mass emails.

DMARC Policies

When setting up a DMARC record, you must decide on a policy that determines how emails failing DMARC checks are handled. There are three options:

• “None” policy, which only monitors and gathers data without taking action. Emails are delivered as usual.
• “Quarantine” policy, which sends failed emails to a designated spam folder or similar.
• “Reject” policy, which blocks all emails that fail DMARC checks from being delivered.

It’s recommended to start with a “None” policy, move to “Quarantine,” and finally to “Reject.” This gradual approach allows you to monitor emails sent from your domain, test the effects of quarantining, and eventually block unauthenticated emails.

DMARC email reports

When configuring a DMARC record, it’s important to provide an email address to receive reports. These reports offer an XML-based overview of email traffic from your domain, highlighting any failures in DMARC checks.

There are two types of reports available:

• RUA (Aggregate) reports: These reports are sent daily and provide a comprehensive overview of all emails sent from your domain, including associated IP addresses.
• RUF (Failure) reports: These reports are triggered only when an email fails the DMARC check. They contain the original message and its header for the failed email.

To effectively manage DMARC reports, we recommend creating a dedicated email account on your domain specifically for receiving these reports. Additionally, it is advisable to configure your DMARC policy to receive both RUA and RUF reports for comprehensive visibility.

How do I create a DMARC record?

1. Log into your DNS at your server dashboard
2. Add a new TXT record 
3. Enter the following details:
   1. Under hostname enter _dmarc
   2. Under Value enter the text below, while adding your own policy and email address:
      
      v=DMARC1; p=policy name; rua=mailto:an-email-address; ruf=mailto:an-email-address
   3. – Leave TTL empty to default to 3600 seconds.
4. Save the record

How can I test my DMARC record?

Go back to our DNS checker tool to make sure you have added your DMARC correctly. 

Now make sure your Google Workspace and Microsoft 365 data is backed up.

Google and Microsoft do not back up your data by default. This leaves your business at serious risk of collapse. Contact BackupVault today for a Free Trial of our cloud backup solutions.