A DMARC (Domain-based Message Authentication Reporting and Conformance) policy will determine what will happen to an email after the server checks it against SPF and DKIM records. The result is that the email will either pass or fail SPF and DKIM. This post discusses how to set DMARC for Cloudflare users.
If you have a DMARC policy in place, it will determine if the DKIM and SPF failure will result in the e-mail getting marked as spam, blocked, or delivered to the intended recipient. While some e-mail servers can still mark the e-mail as spam even when there is no DMARC record, a DMARC policy clearly states when to do so. The DMARC record stores the domain’s DMARC policy, which is stored in the DNS (Domain Name System) as DNS TXT records. The DNS TXT record will have all the information the administrator wants to associate with the domain. They can also get used for storing DMARC policies.
Here is how to set up a DMARC record in Cloudflare.
The Setup
If you’re unsure if you have a DMARC txt record set up for your website, you can use a DMARC checker tool to scan your DNS records. Firstly, a DMARC record needs to be generated, which can be done using a DMARC record generator. If it says that no DMARC record is found, try using a DMARC analyzer to aid in generating the record.
Once your DMARC record is generated, there are a few steps you need to follow to set the record in your Cloudflare DNS.
- Visit the Websites page after logging into the Cloudflare website.
- Then select DNS settings by clicking the Settings button next to the domain you want to change.
- The Add option to add a new DNS record can be found at the bottom of the following page.
- Select TXT in the Type box and type _dmarc as the name.
- In the Value box, enter the created DMARC TXT record, and choose Automatic for the TTL value.
- To add the DNS record, click Add.
- Now you need to wait some time before the first reports start to arrive. It is due to the caching by DNS, and the ISPs mostly send one report each day. It can take up to three days.
Now your domain is ready with the DMARC record published in Cloudflare for operation.
DMARC record policy has been a great boon for organizations and individuals to boost their e-mail authentication and validation process. It corroborates the regulation and reliability of the emails sent from one domain to the other. It provides a robust framework for identifying and mitigating cyber risks through emails. The Cloudflare checker already observes common HTTP headers that scammers abuse and denies access to those on your server. However, setting up a DMARC record in your DNS servers in Cloudflare will add a protective layer on top of the already secure global network and enhance its authenticity.