How to set up a DMARC record

We suggest you set up a Domain-based Message Authentication Reporting and Conformance (DMARC) record to monitor your domains. DMARC helps monitor for both fraudulent email that may hurt your brand, as well as legitimate traffic for Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) authentication performance.

For help creating a DMARC record, use Kitterman's DMARC Record Assistant.

Steps to set up and implement a DMARC record

Here are the steps you need to take to implement a DMARC record:

  1. Contact your company's Domain Name System (DNS) administrator.
  2. Ask your DNS administrator to create a TXT record in DNS for _dmarc.[your-domain] with your DMARC record.
  3. Use the following syntax in the DMARC TXT record:
    • v=DMARC1; p=none; fo=1; rua=mailto:enter your email address; ruf=enter your email address 
      • For example: 
        • v=DMARC1; p=none; fo=1;;
        • Be sure to enter your email addresses after "mailto:". These addresses are where the reports are sent.
        • If you are working with an ESP or other third party who will receive the DMARC reports on your behalf, ask your account representative which email addresses you should use.
    • This is the suggested record for when you first implement DMARC.
      • v=DMARC1 indicates the protocol version.
      • The suggested DMARC record above includes a monitor policy (p=none). This means that you are not instructing mailbox providers to take any action with your email that fails authentication. 
      • rua contains the address where you want to receive aggregate reports.
      • ruf contains the address where you want to receive forensic reports.
      • To begin receiving DMARC reports without impacting your current email program, we suggest publishing the record with p=none. 
  4. Make sure you have at least an A record, Mail Exchange (MX) record, or AAAA record in the DNS for the domain if you plan on using it to send email.

After you implement DMARC, we recommend that you monitor your domains for at least 30 days. This can help you make sure that your own legitimate email is authenticating correctly before you decide to implement a reject (p=reject) or quarantine (p=quarantine) policy.

Reporting destination information

DMARC supports the ability to send reports to multiple destination addresses. However, you should avoid using more than two different destinations as many mailbox providers do not send reports to more than two. 

In the case that multiple email addresses are needed for DMARC reports, each destination must be outlined within the RUA and RUF statement blocks in the DMARC record. Additionally, each destination needs to be delineated with a comma within the RUA and RUF blocks. 

Note: Do not list multiple RUA and RUF statements otherwise your DMARC record will be considered incorrect and reports will not be generated.

Correct DMARC record example with multiple reporting destinations:

  • v=DMARC1; p=none;
    fo=1;,; ruf=mailto:dmar,

Incorrect DMARC record example with multiple reporting destinations:

  • v=DMARC1; p=none;
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request