How to Create DMARC Record – Explained in Detail

Learn how to create a DMARC record and validate it properly. Also, understand why implementing a DMARC record is essential to enhance your email deliverability.

DMARC, or ‘Domain-based Message Authentication, Reporting & Conformance,’ is a security protocol that helps organizations protect their email domain from spoofing, phishing attacks, and other email-based threats. A DMARC record allows organizations to specify which email authentication protocols they want their email servers to use. It will also enable them to create a reporting policy that tells email receivers what to do with messages that fail authentication.

Why is DMARC important?

A DMARC DNS record allows organizations to determine which senders are authorized to send an email in the name of their domain and what policy the sender is authorized to use. DMARC is important because it allows email senders and receivers to agree on a standard approach for email authentication. This joint policy enables email receivers to determine the email authentication status of messages purporting to come from the sender’s domain.

How Does a DMARC Record Look?

A DMARC record is merely a TXT record that comprises various tags as follows:

DMARC record look
Note: Y=Yes, O = Optional

As mentioned above, only three tags (v, p, and ruf) are compulsory, and others are only optional.

A simple DMARC record example looks like this:

v=none; p=none;

What is a DMARC Policy?

When creating a dmarc txt record, you need to specify a policy to instruct the receiver email server to act according to your instructions in the policy. The functioning of the DMARC record is set in the ‘p‘ tag.

The policies available in DMARC are:

  • none –
  • No action needs to be taken.
    (For starters, they can specify ‘none’ and gather all the reports. Based on the information, if there are many issues, they can change it to ‘quarantine‘ or ‘reject‘).
  • quarantine
  • Quarantine the problematic emails.
    (All emails that fail authentication will be quarantined. Most probably, these emails will end up finally in the junk folder of the receiver).
  • reject –
  • Reject all emails that fail authentication.
    (All emails that fail the DMARC check will be rejected and bounced back to the sender).

What is DMARC Record “Alignment” Mode?

The DMARC record alignment mode is represented in the ‘aspf’ and ‘adkim’ tags for the SPF and DKIM components included in the DMARC record. While the ‘aspf’ tag specifies the alignment mode for SPF, the ‘adkim’ is provided for DKIM.

Both the tags ‘aspf’ and ‘adkim’ can have either ‘r’ or ‘s’ values, where ‘r’ means ‘relaxed’ and ‘s’ means’ strict.’ The ‘relaxed’ value means the record can accept even partial matches, while the ‘strict’ value only accepts exact matches.

How to Create DMARC Records?

Setting up DMARC records is easy by following the steps outlined below:

Step 1) Check if a DMARC record exists

Before adding a DMARC DNS record, it is essential to check if a DMARC record exists in your server already. There are various free DMARC record-checking tools out there.

In the free DMARC TXT record check tool, provide the domain name for which you want to check the DMARC record.

For example, when you check if a DMARC record exists for Google, the checking tool displays the record as shown below:

(Image source – MXToolBox)

But if the record is not found, it will display “No DMARC Record Found” as shown below:

(Image source – MXToolBox)

Step 2) Creating DMARC record

By creating a DMARC record, you can ensure that your email is being delivered to the correct recipient’s inbox and not being sent to a spam folder. You’ll need to use a DMARC record creation tool to create one. There are various tools available online to generate DMARC records. DMARC Report is an example of one such free DMARC record generator tool. It is pretty easy to setup DMARC records using this tool. However, it must be compatible with your email service provider for setup.

You can specify the DMARC policy, report email address, domain name, and other data requested in the tool to create the record. Please remember that only the domain, policy, and email address are compulsory, and others are optional.

Step 3) That’s all

Now you have successfully created a DMARC record.

You can also add DMARC records on Cloudflare. GoDaddy, Namecheap, cPanel, and Office 365.

How to Add DMARC TXT Record to DNS Server?

Once you have generated your DMARC txt record, it needs to add it to your DNS server. Remember that some domain hosts also provide options for creating a DMARC record and adding it to the domain. But if you don’t have a lot of opportunities, you can use any free DMARC record generator tool to create the record and add it to your domain host.

In the domain host, search for the ‘Add DNS record’ option and click that link. You can then add the following information to the page:

Name – _dmarc

Type – txt

Content – (Paste your DMARC record here)

TTL – 300

How to Test a DMARC Record?

By creating a DMARC record, you can avoid your email landing in a spam folder. However, you’ll need to test it to ensure it’s working correctly once completed. A DMARC validation tool can help you check DMARC DNS records as shown below:

Why is it Important to Validate a DMARC Record?

To ensure that your email account is authenticated correctly, it is essential to validate your DMARC record. Otherwise, there could be an error in the record type, and it will not work as intended even if you publish it in the DNS. Validating your DMARC record ensures that it works properly. The following are the advantages of DMARC record validation.

  • It shows if the record is published correctly.
  • It checks the record and points out any error in its formatting.
  • It provides additional information on any extra parameters.
  • It helps find out the destination of the DMARC reports.

Why is it Important to Implement Your DMARC Policy Slowly?

If you are only starting to set up your DMARC record for the first time, it is recommended to go slow with the procedures. It helps you understand the kind of traffic your domain and subdomain receive.

Based on the reports received, you can start implementing the DMARC policies step by step. Initially, it is always better to set your policy to ‘none.’ Once you start getting the reports and see that many messages are spam and spoof emails that can put your websites and other sensitive data at risk and hackers from getting access to your website, you can change the policy from ‘none’ to’ quarantine.’

Again, start reviewing the results from your feedback reports. Check both your DMARC feedback reports and spam reports. Once you are sure that all emails originating from your server are appropriately signed, change your DMARC policy to ‘reject‘ from ‘quarantine.’ But it is always good to analyze the reports for some more time unless you feel comfortable with the results.

How DMARC Records Help Deliver Better Customer Experiences?

  • Spam and phishing prevention: DMARC includes the widely accepted SPF and DKIM email authentication standards. Hence, when email receivers check a message against the DMARC standard, they can determine the email’s legitimacy.
  • Deliverability Improvement: Email senders can also use DMARC to determine whether their messages are correctly delivered to recipients’ servers. DMARC is an excellent tool for improving email deliverability and protecting your company and resources and your devices from spam, phishing, and spoofed messages. It also helps improve your customers’ experience and helps build trust.
  • Reputation Protection: DMARC also provides reporting so you can see how your email address is being used. You can also receive feedback if people are abusing your domain name. This feedback can help you to identify and fix any vulnerabilities in your email security and protect your website and your brand reputation to a great extent.

Final Words

DMARC is a great technology to protect your email domain and subdomain from spoofing and phishing attacks and helps prevent hackers from getting access to your sensitive data. This guide has explored DMARC and how a DMARC record can help an organization secure its mail communication. It also examined the steps for setting up a DMARC record and validating it.

However, if you don’t set it up correctly, you could end up blocking legitimate emails from being delivered to your users. And it is essential to test your DMARC TXT record before publishing it to ensure it is error-free. When used properly, a DMARC record can significantly help company communication which can be highly beneficial for the business and provide an excellent customer experience at a great price.

Ready to Start?

DMARC Report is designed for large scale reporting needs, with a combination of domains and message volume.