DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol that works alongside Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

What makes DMARC unique is it allows senders to indicate messages are protected and tells receiving mail servers what to do if authentication methods do not pass. This makes DMARC is one of the best defenses against email spoofing. 

How DMARC works 

DMARC records reside on the DNS of your subdomain in the form of a text record. The P tag, or policy tag, can be configured to one of three options:  

  1. None – Used to collect feedback without impacting existing flows or delivery. 
  2. Quarantine – Forwards mail that is not properly authenticated into the spam folder. 
  3. Reject – Tells the receiving server to reject the mail outright and cause the messages to bounce.

v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com  

The above example is a DMARC record for Google.com. Note that the policy tag is set to reject. This means that emails sent from a Google or Gmail address in the “from” field that are not sent from Google’s infrastructure will be rejected outright and will result in a bounce.  

Note: DMARC references the SPF record. If you choose to implement a DMARC record on the DNS record of your subdomain, it is important to ensure that the SPF record points to WhatCounts as an allowed facilitator of your mail. 

For testing purposes, we recommend starting with the policy tag of None as this will ensure that your campaigns are not rejected in the event of a configuration error. 

Is DMARC required for delivery? 

DMARC is not required to deliver email messages. The need for spoof and phishing prevention has led a high number of senders to adopt DMARC, especially in the financial services and banking industry. Yet to this point DMARC is not a technical prerequisite of inbox delivery. In respect to the required email authentication protocols, DKIM and SPF are adhered to and implemented by WhatCounts.

What to consider before setting up a DMARC record 

If you choose to use DMARC, be sure you understand the ramifications. If not properly implemented, you could end up with a lot of mail that bounces or goes into the junk folder. This may occur when senders fail to set up the DMARC or other authentication records properly.  

Remember, the DMARC record points to the SPF. If the SPF has no reference to your email service provider or any subdomains or IPs connected with WhatCounts, the receiving mail server will quarantine or reject mail based on parameters set within the DMARC record. In this situation the sender’s own record may cause their mail to go into the spam folder or bounce.  

Before you attempt to implement a DMARC policy, you must first ensure that your SPF record is properly configured. If you have a subdomain set up with WhatCounts, we have the SPF piece covered for you. If you are sending from a WhatCounts subdomain and you intend to add DMARC to your own private domain, you will need to be sure that the SPF record identifies WhatCounts as the facilitator of your mail to avoid bounces or spam folder placementA DMARC policy is a great way to improve and monitor the protection of domains from fraudulent emails. If you choose to set up a DMARC record, be sure to follow the best practices in this article.

More to explore…

MPP

Apple Mail Privacy Protection

What is Apple Mail Privacy Protection? Apple Mail Privacy Protection (MPP) is a feature available to Apple Mail users. MPP protects a user’s privacy by

Read More »

Media Manager upgrade

You may have noticed that your preferred browser provides a security warning for any mixed content. Recent changes in browsers such as Chrome, Firefox and

Read More »

Ready to See WhatCounts in Action?

Take your first step towards supercharged engagement!

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.