What is DMARC?
Domain-based Message Authentication, Reporting & Conformance is one of the new
Email authentication method to protect Recipient and Sender against mail spoofing.
This technology using SPF and DKIM mechanism which published on DNS server.
It is consider DMARC will be best practice to sending Email all over the world, aka;
United states, EU, Australia, New zealand which forced to set a DMARC on your DNS.
How to set DMARC
You need add new record on DNS server in order to publish DMARC record.
Please make sure to DNS hosting provider cause the procedure is different.
| Example of DMARC record |
|---|
| _dmarc.△△△△.com IN TXT "v=DMARC1; P=none; rua=mailto:〇〇〇.com; ruf=mailto:□□□.com;" |
| Action to take for failed DMARC check | Disposition | TXT records |
|---|---|---|
| Reject 100% of messages that fail the DMARC check. Email a daily report to two addresses: ○○@△△.com & □□@××.com Failed messages cause an SMTP bounce to the sender. | Reject | v=DMARC1; p=reject; rua=mailto:○○@△△.com; ruf=mailto:□□@××.com |
| Put 5% of the messages that fail the DMARC check in recipients’ spam folders. Email a daily report to ○○@△△.com | Quarantine | v=DMARC1; p=quarantie; pct=5; rua=mailto:○○@△△.com |
| Take no action on messages that fail the DMARC check. Email a daily report to ○○@△△.com | None | v=DMARC1; p=none; rua=mailto:○○@△△.com; ruf=mailto:◇◇@〇〇.com |
Example
Amazon Web Service
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dmarc.html
Google Cloud Platform
https://cloud.google.com/dns/docs/records/
GoDaddy
https://jp.godaddy.com/help/dns-20165
STRATO
https://www.strato.com/faq/en_us/online-storage-hidrive/can-i-manage-my-own-dns-entries-at-strato/
