Legacy


  1. Home
  2. Legacy
  3. Email
  4. Adding DMARC records
Click here for full details

Adding DMARC records

With the recent changes to Gmail and Yahoo for bulk sending over 5000 emails a day to their email services your domain needs a valid DMARC record.

DMARC is an email authentication method that helps prevent hackers and other attackers from spoofing email message. Spoofing is a form of email attack which forges the from address to make an email message appear to be from the impersonated domain name.

In this guide we are going to be using the Kitterman DMARC Assistant.

  1. Enter your domain name, choose the Requested policy type, in this guide we are going to start off with choosing none.
  2. Enter your the email address you would like to receive future reports to in both the Aggregate and Forensic fields.
  3. Set Failure reporting options to 0 for now (the default).
  4. For both the DKIM and SPF identifier alignments, tick relaxed (default).
  5. Tick Afrf for the Report Format.
  6. Apply Policy to this Percentage, enter 100 (the default).
  7. For the reporting interval enter 86400, the default in seconds (a day).
  8. Subdomain Policy, tick none. Click Get DMARC record.

You should now be presented to something similar to;

v=DMARC1; p=none; rua=mailto:reports@yourdomain.co.uk; ruf=mailto:reports@yourdomain.co.uk; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=none

The above record is set to have a policy of none (p=none;) meaning that it is test mode and no reporting or  rejections will be done. Its recommend to run with this configuration for a month or so to confirm all is working as expected. It can then be changed to either quarantine or reject.

This record with a none policy will still pass the recommended Gmail & Hotmail DMARC requirements that come into effect in February 2024.

Adding you record to your Domain

  1. From your hosting control panel, click Domain SettingsDomain Info, Click the edit icon next to the domain you wish to manage.
  2. You will now see the Domain Info page, click the edit icon next to DNS configuration.
  3. Here you will see all the default built in DNS records.
  4. We can add our new DMARC record as a TXT record by clicking Add DNS TXT Record.
  5. In the Name field enter _DMARC
  6. Leave the TTL as is
  7. In the Data field enter
    v=DMARC1; p=none; rua=mailto:reports@yourdomain.co.uk; ruf=mailto:reports@yourdomain.co.uk; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=none
  8. Click Submit.

Note: As this is a DNS record it can take up to 24 hours to apply.

Click here for full details

Classification: Public
Last saved: 2024/01/31 at 13:23 by Jamie

How can we help?