EXPLORATIONS

How to Set Up a DMARC Record for Your Email Domain to Comply with Google & Yahoo's 2024 Email Deliverability Requirements

By
Jon Uland
Published on
January 15, 2024

Do I Have a DMARC Record Published?

Do you already have a DMARC Record/Policy setup? Check here ➝

  • Navigate to MXToolbox.com and enter your sender subdomain (i.e. email.mycomany.com ) or your sender root domain (e.g. mycompany.com )
  • Click the MX Lookup submit button
  • Scroll to the table that mentions DMARC records to verify whether or not your record is published.

Note: A DMARC record is different than a DMARC policy. Policies are attributes of a DMARC record and it is recommended that they are initially set to "none".

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It's a way to make sure that emails sent from your domain are legitimate and to tell email servers how to handle emails that aren't. Think of it as a security guard for your emails.

What Makes Up a DMARC Record?

A DMARC record is a TXT record that lives on your Domain Name Servers. It contains several important attributes that tell email servers about your sender profile, your set of rules for how they should treat emails that do not appear to be from your domain (the "policy), and where to send reports if an email fails a DMARC check ("ruf" and "rua").

How to Create DMARC Record

  1. DMARC records are simple TXT records that follow the syntax found below. Create your own by copying the record below and replacing the reporting emails with your own.
  2. Place the DMARC record on your root domain (i.e. mydomain.com ), even if you send from a subdomain (i.e. mail.mydomain.com ). Your subdomain will inherit any policies you set up in the root domain.

Understanding DMARC Field Attributes

Below are the different attributes in a DMARC record and what they represent:

v: Denotes the record type – this is a DMARC record.

ruf: Tells email servers where to send reports of individual DMARC check failures.

rua: Tells email servers where to send aggregate reports of DMARC checks.

p: Denotes the rejection policy for emails that fail DMARC checks on the root domain.

sp: Denotes the rejection policy for emails that fail DMARC checks on subdomains.

Note: Individual subdomains can have their own DMARC policies that will override the root domain policy. If you're just getting started with DMARC, stick to just the one root domain record.

DMARC Policy Meanings

There are three main types of DMARC policies:

  • none: This tells receiving email servers to not do anything special with emails that fail DMARC checks. It's like saying, "Just keep an eye on things and let me know."
  • quarantine: This tells servers to put emails that fail the check into the spam or junk folder. It's like saying, "Put suspicious emails in a holding area."
  • reject: This tells servers to reject emails that fail DMARC. It's like saying, "Don't let suspicious emails in at all."

DMARC Report Monitoring

Don't fall asleep on your DMARC reports! Monitor the reporting you receive to the addresses you provided in your policy to make sure the emails that the DMARC failure reports denote should be rejected.

Once you are confident that DMARC checks are performing properly, you may update your policy to be more strict ("quarantine" or "reject").