Every business owner has a hard time dealing with spammers. To prevent spamming, DMARC(stands for Domain-based Message Authentication, Reporting and Conformance) is the best email authentication mechanism yet which combines the SPF and DKIM protocols and adds a reporting mechanism to properly authenticate emails coming from a sender.
How DMARC works:
SPF and DKIM don’t work out well for a number of reasons. To sum up, previously no mechanism established a relation between the sender and the receiver properly. There was no way for a webmaster or domain owner to trace the amount of emails which were not authenticated or the receiving domain to know if a mail is being marked unnecessarily.
To cater to the issues, DMARC enables both senders and receivers to communicate and setup a strategy. DMARC allows the receiver to know how to handle the emails which are not aligned with the sender’s SPF and DKIM standards. In turn, it increases the trust of the sender’s “From” entry.
Points to note before setting up DMARC:
- You must have setup DKIM and SPF for your domain.
- There may be issues with third party providers using your domains to send mails depending on your DMARC policy. To cater to this, have their messages added to SMTP relay on your Google Apps domain.
- Every participating email provider would send you a detailed report daily on how your messages are being authenticated and what actions are being taken on their end.
- Policies can be adjusted on your end after you receive the reports. Once you are sure that all your emails are being authenticated, you can modify the status to “quarantine” or “reject”.
Popular DMARC Tags to form the syntax:
Tag | Required | Purpose | Example |
v | required | Protocol version | v=DMARC1 |
p | required | Policy for domain | p=quarantine |
pct | optional | % of messages subjected to filtering | pct=20 |
rua | optional | Reporting URI of aggregate reports | rua=mailto:aggrep@example.com |
sp | optional | Policy for subdomains of the domain | sp=reject |
aspf | optional | Alignment mode for SPF | aspf=r |
By studying the tags in detail, you should at first come up with a DKIM record of your own as the below example:
“v=DMARC1; p=quarantine; pct=20; rua=mailto:postmaster@your_domain.com”
To explain the tag in brief, you have instructed the receiving domain to quarantine 20% of the total emails which fail the authentication and claim to have come from your domain and specified an email address to send the daily reports.
Setup DMARC on Google Apps:
- Make sure that you have DKIM authentication for the domain.
- Create a TXT record with name “_dmarc.yourdomain.com.” where “yourdomain.com” is the actual domain name. You must have already created the value which you can enter in the TXT value field.
- Once you have added the records, you will receive the XML reports daily which you can analyse and take required actions.
- It is recommended to deploy judiciously for your domain. You should always monitor all the messages and then start to quarantine a small percentage to see the results. Once you are fully confident, you can start rejecting them. You should gradually increase the “pct” percentage to prevent any widespread impact.
- Review your reports daily and take necessary actions.
DMARC is important as it is the highest level of spam prevention and email abuse you can undertake for your domain and email providers are adopting this latest technology in widespread basis.
Let us hear out any issues from you in comments. Happy to help!