Implementing and Configuring DMARC Records
Reduce phishing attempts and spam emails with these email authentication methods
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a collection of email authentication methods. DMARC checks whether a sender is legitimate and prevents your domains from being used to send unauthorized emails.
Attackers often send spam and phishing emails that appear to come from other organizations’ domains, a technique known as email spoofing. Implementing DMARC lets you create a record of who is authorized to send emails from your domains, which can help prevent phishing attacks against your business.
DMARC consists of the following methods for checking emails:
- Sender Policy Framework (SPF): Identifies IP addresses that are allowed to send email from the domain. Read more about SPF.
- DomainKeys Identified Mail (DKIM): Adds a digital signature to every sent message. Read more about DKIM.
How does DMARC work?
Once DMARC is implemented, all incoming emails to your business domains are referenced against your DMARC record. You can configure the rules for how email from an unauthorized sender is handled. A few common options include:
- Email is still delivered with a warning
- Email is sent to quarantine for manual approval
- Email is automatically rejected
Please note: DMARC will not prevent all phishing and spam emails from being delivered. However, implementing and configuring a DMARC record for your business is an effective way to limit phishing and spam attempts.
How do I implement and configure a DMARC record?
Before creating your DMARC record, you must set up SPF and DKIM (mentioned above).
Click here for a list of various vendors and other DMARC resources.
We recommend implementing a DMARC record for every domain you own, including those that are not used for email. We also recommend that the DMARC settings cover 100% of emails, with at least a warning message added to the email, and that they reject emails for every domain that is not used for email.
- If Gmail is your email service provider, please follow these steps.
- If Microsoft is your email service provider, please follow these steps.
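Once records are published, the recommendations above can be checked mechanically. The following Python code is an added example, not part of the original article: it audits DMARC TXT record strings for 100% coverage, for a policy that requests some handling, and for a reject policy on domains not used for email. The tag names `v`, `p` and `pct` and the `pct` default come from the DMARC specification (RFC 7489); the function names are hypothetical and the sample records are constructed.

```python
# Added example: audit DMARC TXT record strings against the article's recommendations.
# Tag names (v, p, pct) follow RFC 7489; function names are hypothetical.
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; raise ValueError if malformed."""
    pairs = [part.strip() for part in record.split(";") if part.strip()]
    tags = {}
    for i, pair in enumerate(pairs):
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {pair!r}")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name != "v" or value != "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags[name] = value
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    return tags


def audit_dmarc(record, used_for_email=True):
    """Return a list of findings; an empty list means the recommendations are met."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return [f"invalid record: {exc}"]
    findings = []
    policy = tags["p"].lower()
    pct_raw = tags.get("pct", "100")  # RFC 7489: pct defaults to 100 when absent
    pct = int(pct_raw) if pct_raw.isdecimal() else -1
    if not 0 <= pct <= 100:
        findings.append(f"pct={pct_raw} is not a number between 0 and 100")
    elif pct < 100:
        findings.append(f"policy covers only {pct}% of emails, not 100%")
    if policy == "none":
        findings.append("p=none requests no handling of unauthorized email")
    if not used_for_email and policy != "reject":
        findings.append("domain is not used for email but policy is not p=reject")
    return findings


if __name__ == "__main__":
    # Constructed sample records, not taken from the article.
    for record, used in [("v=DMARC1; p=quarantine; pct=100", True),
                         ("v=DMARC1; p=none; pct=50", True),
                         ("v=DMARC1; p=quarantine", False)]:
        print(f"{record!r} used_for_email={used} -> {audit_dmarc(record, used) or 'OK'}")
```

Feed it the TXT value published at `_dmarc.<your domain>` for each domain you own, passing `used_for_email=False` for domains that never send email.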