What are DMARC records?
A DMARC (Domain-based Message Authentication, Reporting, and Conformance) record is a TXT record published in the DNS. This record instructs email receivers on how to handle emails that do not pass DMARC authentication and specifies the destination for reports on email authentication statistics. Emails typically fail authentication on the receiver’s side when SPF or DKIM failures occur.
The DMARC record comprises of various tags, each providing instructions to the email receiver on authentication policies.
Below are the commonly used tags:
v (Version): Specifies the DMARC version being used. Example: v=DMARC1.
p (Policy): Instructs the email receiver what to do with email that fails authentication. Possible values include none, quarantine, or reject.
rua (Aggregate Reporting): Specifies the email addresses to which aggregate DMARC reports should be sent.
ruf (Failure Reporting): Specifies the email addresses to which forensic (failure) DMARC reports should be sent.
Follow the steps below to add a DMARC record.
Steps
-
1
-
2You're now ready to add the generated DMARC record to your DNS zone file.
-
3
-
4Select a Product (e.g. Web Hosting) from the side menu.
-
5Search for and select the domain name.
-
6Under Domain Tools, select Manage DNS.
-
7Select + Add record.
-
8Add the following information:
- Type: TXT
- Host: _dmarc
- Value (also called Destination): As specified by the DMARC record you generated or that was provided to you. An example of how this may look:
-
9Select Add to save your DMARC record.
What happens next
Once the TXT record has been added, compliant email receivers will begin to honour the tags on the domain’s DMARC record.
For DMARC records to be effective, you should first have an SPF and DKIM record in place.
As of February 2024, Google and Yahoo will require DMARC records for domains sending 5000 or more emails a day to their servers.
