Have you ever received an email, in which the sender pretends to be a company, bank or a contact of yours, but it's obviously scam? This procedure is called phishing and is often used by fraudsters and scammers, who steal and use your domain name.
But how can you assure that these emails are marked as spam in the inbox of your customers? This is where DMARC comes in. DMARC stands for: "Domain-based Message Authentication, Reporting & Conformance".
What is DMARC?
DMARC tells a server what to do with a spam email, which has not been validated through SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail).
In short: Through setting up DMARC records, it tells the worldwide participating servers what they should do with emails, which pretend to be sent from your domain name, but in reality are fraudulent.
How to set up DMARC
Setting up DMARC is very easy if you're a customer of Reloadify; we've already done the difficult parts for you. But it is important, that you have already validated your domain name in our app.
Add the following rule to your DNS data (it's where you validated your domain name). Use a .TXT file:
'v=DMARC1; p=none; pct=100; rua=mailto:[email protected]'
This is how it looks with our provider (TransIP):
Options for DMARC
v = This is where you establish the DMARC version; there is only ever one version, therefore always fill in DMARC1
p = This is where you tell the server what to do with the fraudulent email. You have several options:
"None". If you enter this, nothing will happen to the e-mail. We recommend starting with this value. This will allow you to collect enough data without your emails being immediately rejected or flagged as spam. On average, one week of data collection is sufficient. After this, you can tighten the value if necessary.
"Quarantine". With this setting, the suspicious e-mail is immediately forwarded to the spam inbox.
"Reject". This is the most hardcore setting. It ensures that any email that pretends to be your domain name but does not meet the requirements will be blocked.
pct = The percentage of emails you want to scrutinise.
rua = Here you can enter the email address, which will receive the notifications. You can fill in your own email address to get an update every day.
I have set up DMARC, what's next?
If emails pretending to be from your domain name, but which didn't match 100% with your validation, have been sent, then you will receive an email notification to the email stipulated under "rua". These reports will help you figure out how often this occurs and if you should consider implementing more severe restrictions (for example "reject" or "quarantine").
That's it. By setting this up, there is nothing to stop you from safely sending emails! 📮