DMARC (Domain-based Message Authentication, Reporting & Conformance)

|
| By Webner

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an enhancement to existing email authentication policy and reporting protocol. It helps to prevent spoofing on your mail domain so that no one other than you can use your domain to send emails to anonymous IDs.

DMARC is widely used and its open-source, but to make it easier for everyone to implement companies like Dmarcian or Mx-toolbox provide paid support. Here we will discuss about Dmarcian.

Below are the steps you need to follow to configure it correctly

Step.1 Open this URL https://dmarcian.com/

Step. 2 Now, Register for 14 days Trial by clicking the button on down right corner.

Step.3 Login using the Email ID and password you have choose while creating this account.

Step.4 Now you have to enter SPF and DKIM records in DNS record page of domain console for your domain, but before that you have to generate DMARC record.
Click Tools-> DMARC Inspector

then, click DMARC Record Generator and Enter the domain name for which records need to be generated and follow the screenshots as mentioned below.

Click yes and click Use dmarcian address

Click yes and click Use dmarcian address

Step.5 Now copy the below mentioned Record and create a TXT record in your domain DNS.

v=DMARC1; p=none; rua=mailto:fzmlspwq@ag.dmarcian.com; ruf=mailto:fzmlspwq@fr.dmarcian.com; pct=100%;

It will take around 24-48 hrs to collect data and then generate report to proceed further.

Here is some explanation on above record.
Tag Name Purpose
v Protocol version
p Policy for organizational domain
ruf Reporting URI for forensic reports
rua Reporting URI of aggregate reports
pct Percentage of messages subjected to filtering

Some online tools which you can use to verify that whether SPF and DKIM is correctly configured or not.

For DKIM test https://tools.wordtothewise.com/dkim

For SPF test http://www.kitterman.com/spf/validate.html

Step.6

Enter spf txt record for the domain
“v=spf1 include:spf.salesforce.com ~all”

Now you have to navigate to Domain Overview

Right now it is not showing any records, but after some time it will show you the records.
Like this,

Here is some explanation on above record.

p means (Policy for organizational domain)
=none means (policy value it could be none, quarantine, reject)
[pct=100%] means (Percentage of messages subjected to filtering, it could be 0-100%)

Step.7 Now Click Source Viewer it will show you screen like mentioned below.

Then click Refresh Data button, then wait for 24 hrs, it will come up with the data as shown in below image.

Step.8 Fix all valid sources to match to 100% with SPF or DKIM records.

Leave a Reply

Your email address will not be published. Required fields are marked *