The social internet is on the rise and eCommerce is spreading at lightning speed. While our web experience has gone from good to awesome, spammers and phishers have also had a gala time intruding on our internet privacy! Theft of passwords and bank accounts, manipulation of brand names, etc. are just a few proven ways for spammers and phishers to benefit from the loopholes of the internet. Every issue has a solution as well. Spammers and phishers can be effectively blocked by implementing DMARC (Domain-based Message Authentication, Reporting and Conformance). You can safeguard your customers, your brand name and your employees. This blog post explains how to create a DMARC record in simple steps.
How does DMARC work?
DMARC relies mainly on two authentication protocols: DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). SPF and DKIM must be in place on your Envelope From and Friendly From domains before you implement DMARC. Follow this guide for SPF and DKIM implementation on your sending domain name.
How to Create a DMARC Record?
Implementing DMARC can get tricky at times. However, here's a step-by-step guide that will help you create a DMARC record for your domain name in just 5 steps.
Create DMARC record in 5 steps:
I. Domain Alignment Verification
The first step in creating a DMARC record is to open the headers of the emails that you send. The next task is to identify the domain or subdomain. The domain or subdomain is listed in:
- The Envelope From (i.e. Mail-From)
- The Friendly From (i.e. Header From)
- The d= domain in the DKIM-Signature
Check whether these domain names are identical. If they are identical, then they are aligned. You can then create instructions for the mailbox provider to block all malicious emails that pose as being sent under your brand name.
However, if you don't find the domain names to be identical, do not panic. You can still create a DMARC record. In this case, you will just need your IT and security teams to help you.
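The comparison in step I can be scripted. The following is an added example, not code from the original post: it reads the three identifiers from a message's headers and reports whether they match. It assumes the Envelope From is recorded in the Return-Path header; the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from a real message).
SAMPLE = """\
Return-Path: <bounce@mail.example.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=selector1; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Example Shop" <news@example.com>
Subject: Your order

body
"""

def _addr_domain(value):
    """Lowercased domain of an address header, or None if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def identifier_domains(raw):
    """Collect the three domains that step I compares."""
    msg = message_from_string(raw)
    dkim = []
    for sig in msg.get_all("DKIM-Signature", []):
        unfolded = re.sub(r"\s+", "", sig)  # drop header folding whitespace
        m = re.search(r"(?:^|;)d=([^;]+)", unfolded)
        if m:
            dkim.append(m.group(1).lower())
    return {
        "envelope_from": _addr_domain(msg.get("Return-Path")),
        "header_from": _addr_domain(msg.get("From")),
        "dkim_d": dkim,
    }

def alignment_report(raw):
    # Exact-match comparison, as step I describes. DMARC's default relaxed
    # mode would also accept a subdomain of the same organizational domain;
    # that is not modelled here.
    d = identifier_domains(raw)
    hf = d["header_from"]
    return {
        **d,
        "spf_aligned": hf is not None and d["envelope_from"] == hf,
        "dkim_aligned": hf is not None and hf in d["dkim_d"],
    }

if __name__ == "__main__":
    print(alignment_report(SAMPLE))
```

In the sample, the DKIM d= domain matches the Header From domain while the Envelope From uses a subdomain, so only the DKIM identifier is reported as identical.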
II. Email accounts Identification
You will get aggregate and forensic reports on a daily basis through DMARC, so you will need to designate an email address specifically for this purpose. You will receive all your reports at this address. You can choose to use two accounts to keep the data from getting mixed up.
III. Know about DMARC Tags
DMARC tags are the standard DMARC language. They instruct the email receiver:
- To check the DMARC
- What to do with those messages that fail the DMARC authentication
There is a host of DMARC tags available, of which you will need just a few. It is advisable to keep it simple. For instance, you can concentrate on the v=, fo=, p=, ruf= and rua= tags.
In case you want to read more about the DMARC tags above, you can read this guide.
IV. Generate DMARC Text record in your DNS
For every sending domain, you must generate a DMARC record. The mail receiver policy must be set to 'none' to complete the process. After doing this, you can gather information on your entire email ecosystem, such as who is sending emails on your brand's behalf, who is receiving them, and which emails are bouncing back.
You must specify your email address in the ruf and rua tags to receive the reports. As an example, the record should look something like this:
v=DMARC1; p=none; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org; fo=1;
V. Implementing DMARC into DNS
This is the last step in creating a DMARC record. You will need to work with your DNS administrator. Once your DMARC record is added to DNS, you will start receiving reports for the domain you choose to monitor.
You will receive information on the sources of email traffic that are using that domain. You will probably be able to identify certain vendors or partners who are sending emails on your behalf, of which you had no intimation.
For example, if your domain name is example.com, you want to send outgoing emails from addresses of the format email@example.com, and you want to receive DMARC reports at firstname.lastname@example.org, you can add DMARC TXT records like:
- example.com._report._dmarc.example.com TXT v=DMARC1;
- _dmarc.example.com TXT v=DMARC1; p=none; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org; fo=1;
As shown above, there are 2 DMARC records which need to be updated on the domain name example.com.
Note: Please replace the domain name [example.com] and email [email@example.com] with your own sending domain name and email, then update the records on your own domain name.
You can find your domain hosting provider related DNS update tutorials from here.
DMARC helps eliminate email fraud. So start adding DMARC records ASAP, before your brand name gets stained.