Have you ever received an email, in which the sender pretends to be a company, bank or a contact of yours, but it's obviously scam? This procedure is called phishing and is often used by fraudsters and scammers, who steal and use your domain name.

But how can you assure that these emails are marked as spam in the inbox of your customers? This is where DMARC comes in. DMARC stands for: "Domain-based Message Authentication, Reporting & Conformance".

What is DMARC?

DMARC tells a server what to do with a spam email, which has not been validated through SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail).

In short: Through setting up DMARC records, it tells the worldwide participating servers what they should do with emails, which pretend to be sent from your domain name, but in reality are fraudulent.

How to set up DMARC

Setting up DMARC is very easy if you're a customer of Reloadify; we've already done the difficult parts for you. But it is important, that you have already validated your domain name in our app.

Add the following rule to your DNS data (it's where you validated your domain name). Use a .TXT file:

'v=DMARC1; p=none; pct=100; rua=mailto:[email protected]'

This is how it looks with our provider (TransIP):

Options for DMARC

  • v = This is where you establish the DMARC version; there is only ever one version, therefore always fill in DMARC1

  • p = This is where you tell the server what to do with the fraudulent email. It's reasonable to begin with "none", as you can always change it to "quarantine" later on, to immediately sort them into spam. If you really want to crack down on it, change it to "reject". This will block all emails using your domain name, which didn't pass the validation.

  • pct = The percentage of emails you want to scrutinise.

  • rua = Here you can enter the email address, which will receive the notifications. You can fill in your own email address to get an update every day.

I have set up DMARC, what's next?

If emails pretending to be from your domain name, but which didn't match 100% with your validation, have been sent, then you will receive an email notification to the email stipulated under "rua". These reports will help you figure out how often this occurs and if you should consider implementing more severe restrictions (for example "reject" or "quarantine").

That's it. By setting this up, there is nothing to stop you from safely sending emails! ๐Ÿ“ฎ

Did this answer your question?