Post Information

Reading Progress

Enhance security for forged spam (DMARC)

Spammers can forge the “From” address on email messages to make them appear as though they originate from your domain. When spammers use your domain to send junk email, it negatively affects your domain’s reputation. People who receive these fraudulent emails may mark them as spam, which can impact the delivery and perception of legitimate messages sent from your domain.

To combat this, Gmail and other email services support Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC allows domain owners to define a policy for handling suspicious emails that appear to come from their domain.

What is DMARC?

DMARC, or “Domain-based Message Authentication, Reporting & Conformance,” is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols, adding an extra layer of protection. DMARC ensures that the “From” domain in the email matches the sending server’s domain and provides policies on how to handle authentication failures.

How DMARC Works

DMARC helps email senders and receivers verify messages and establish a policy for dealing with suspicious ones. If an incoming email fails SPF or DKIM checks, DMARC will define what happens. Here are the common actions DMARC can enforce:

  • Take no action (log the suspicious message for further review).
  • Mark the message as spam (quarantine it).
  • Reject the message entirely, so it doesn’t reach the recipient.

Set Up DMARC After SPF and DKIM

To set up DMARC, we recommend first implementing SPF and DKIM. These protocols help verify whether a message comes from an authorised server. If a message fails SPF or DKIM checks, DMARC can step in to define further actions.

DMARC and Third-Party Email Providers

If your organization uses third-party email providers, DMARC can sometimes flag those messages as suspicious if they are not correctly authenticated. To avoid this issue, you can:

  • Share your DKIM key with the third-party provider so they can sign outgoing messages with it.
  • Ask the provider to send emails through your domain’s authorized servers.

DMARC Filtering Examples

For more detailed examples of how DMARC handles email filtering, you can review the SPF and DKIM sections of the DMARC specification.

Tips for Using DMARC

Here are some tips to help you implement DMARC more effectively:

  • Set up DMARC to send daily reports, detailing how often messages from your domain pass or fail authentication checks.
  • Adjust your DMARC policy based on report findings. For instance, if valid emails are consistently authenticated, you can move from a “monitor” policy (p=none) to “quarantine” or even “reject.”
  • Your DMARC policy can be strict or relaxed, depending on your needs. High-profile companies like PayPal and eBay enforce strict authentication requirements, rejecting any unauthenticated messages.
  • Gmail and other email services will handle the DMARC check for recipients, so no additional action is required on their part.

Start Using DMARC

If you’re ready to protect your domain, start by following Google’s guide on adding a DMARC record to your DNS settings.

Add a DMARC Record

To set up DMARC for your domain, follow these steps to create a TXT record. DMARC policies determine how your domain handles suspicious emails by using specific tags within the DNS record.

Set Up SPF and DKIM First

Ensure you have SPF and DKIM configured before adding a DMARC record, as DMARC builds on these authentication methods.

Example DMARC TXT Records

Here are some example DMARC records you can modify for your domain:

  • Take no action: "v=DMARC1; p=none; rua=mailto:postmaster@your_domain.com"
  • Quarantine suspicious messages: "v=DMARC1; p=quarantine; pct=5; rua=mailto:postmaster@your_domain.com"
  • Reject unauthorized messages: "v=DMARC1; p=reject; rua=mailto:postmaster@your_domain.com, mailto:dmarc@your_domain.com"

For more detailed steps on how to create and deploy DMARC records, check out the full documentation on Google’s Support Page.

How to Implement a DMARC Record in cPanel

Here’s a step-by-step guide to help you implement a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record in cPanel:

Step 1: Log in to cPanel

  1. Navigate to your hosting provider’s login page and enter your username and password to access cPanel.

Step 2: Access Zone Editor

  1. Once logged in, scroll down to the Domains section.
  2. Click on Zone Editor.

Step 3: Find Your Domain

  1. In the Zone Editor, locate the domain where you want to implement the DMARC record.
  2. Click the Manage button next to the domain name.

Step 4: Add a DMARC Record

  1. Click on the Add Record button at the top-right corner.
  2. Select Add “TXT” Record.

Step 5: Input the DMARC Record

  1. Name/Host: Enter _dmarc.yourdomain.com (replace “yourdomain.com” with your actual domain).
  2. TTL: Set the Time to Live (TTL) to 14400 (default is usually fine).
  3. Type: Make sure it’s set to TXT.
  4. Record: Input your DMARC policy here. A basic DMARC policy looks like this:
v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.com; ruf=mailto:forensic@yourdomain.com; pct=100
  • p=none: This means no action will be taken on suspicious emails (for monitoring purposes). Change it to p=quarantine or p=reject when ready to take action on suspicious emails.
  • rua=mailto:postmaster@yourdomain.com: This specifies where to send aggregate reports (replace with your email address).
  • ruf=mailto:forensic@yourdomain.com: This specifies where to send forensic reports (optional).
  • pct=100: This applies the policy to 100% of your email traffic. You can adjust this number as needed.

Step 6: Save the Record

  1. After entering the details, click Add Record or Save.

Step 7: Verify Your DMARC Record

  1. Wait for DNS propagation (which can take up to 48 hours).
  2. Use an online DMARC checker tool, such as MXToolbox DMARC Checker, to verify that your DMARC record has been added correctly.

By following these steps, you will have successfully added a DMARC record to your domain via cPanel!

For more information on email security, check out these articles:

These resources can help you set up and validate your DMARC, SPF, and DKIM records:

Terms and Conditions of FREE Website Offer

Website Scope:
The promotion offers a basic business website of up to 5 pages (Home, About, Services, Contact, etc.), which includes a modern, professional design using available templates.

Hosting and Domain:
Hosting is provided for 6 months FREE as part of the promotion. .co.uk Domain for 1 year is FREE with an option to buy more years or choose another domain extension.

Content Submission:
The client must provide all text, images, and content needed for the website.

Revisions are limited to a reasonable amount (e.g., 2-3 rounds of edits).

Completion Timeline:
The website will be completed within 4-6 weeks of project approval, depending on the client’s responsiveness.

Promotion Frequency:
The offer is valid once a month, and one startup will be selected from the pool of applicants.

Selection Criteria:
Applications will be reviewed based on the clarity of the business idea, the potential for impact, and the business’s readiness to launch.

Non-Transferable:
This promotion is non-transferable and must be used by the original applicant. The website created through this offer cannot be re-sold or transferred to another party.

No Resale Clause:
The website provided under this promotion is intended solely for the use of the applicant’s business and cannot be re-sold or distributed as part of a third-party service.

Moral and Legal Standards:
We reserve the right to refuse projects that may be deemed questionable in terms of morality or legality.

Additionally, we cannot accept websites that may cause a conflict of interest with our existing customers.

Intellectual Property:
Ownership of the website design and structure remains with the client, but W.E.B.S Ltd retains the right to showcase the website in our portfolio, unless otherwise agreed upon.

Domain Names

Nominet Members since 1999. Aimed at Business Users who need reliability.

Business Hosting

Business Hosting for Websites and Apps, including FREE SSL & Backups

Customer Area

Login securely and manage every aspects of your account with us.