Rather watch a video? Check out how to add DMARC here: (Dutch spoken, with English subtitles)
Since Feb. 1 2024, several ESPs (E-mail Service Providers) including Gmail and Outlook, require additional security for each domain. For example, it is mandatory to validate your domain as well as add a DMARC to your DNS data.
These security measures protect the end user (email recipient) from phishing and spam.
What is DMARC?
DMARC stands for "Domain-based Message Authentication, Reporting & Conformance. A DMARC tells a server what to do with a spam e-mail that doesn't pass SPF and DKIM validation.
Setting DMARC records tells global participating servers what to do with an e-mail that claims to be from your Web store, but in reality is from a scammer.
How to set up DMARC
You enter the DMARC in your DNS data at your domain host.
TransIP and Antagonist already include a DMARC in your DNS settings. You can leave it there or check and adjust it.
Step 1: Go to your domain host and navigate to the DNS data of your domain.
Step 2: Create a new record. Select "TXT" under Type.
Step 3: Enter "_dmarc" or "@" as the name.
Step 4: Enter the appropriate value, see explanation below.
v=DMARC1; p=none
Explanation DMARC
In the DMARC, there are two mandatory values:
The V value. This is the DMARC version. Currently, there is only one version. Therefore, enter: v=DMARC1
The P value. This tells you what to do with a fraudulent e-mail. You have three options:
p=none. Nothing happens to suspicious emails. We recommend starting with this value. This allows you to collect enough data without your emails being immediately rejected or flagged as spam. On average, one week of data collection is sufficient. After this you can tighten the value if necessary.
p=quarantine. Every suspicious e-mail is immediately forwarded to the spam inbox.
p=reject. Emails that do not pass the checks are blocked.
We recommend adding at least one more optional value: the rua value. This will give you more insight into your reputation.
Rua value. Enter an e-mail address where you want to receive reports on the DMARC. The reports will tell you exactly:
which servers are sending your emails;
the percentage of mails that pass the DMARC;
which servers are sending messages that do not pass DMARC, and;
what actions the receiving server takes for the emails that do not pass the DMARC.
So a very valuable report that allows you to learn a lot about your domain reputation.
The complete DMARC:
'v=DMARC1; p=none; rua=mailto:[email protected]'
Tip: The number of DMARC reports can add up per day, since you get them per receiving ESP. Create a DMARC inbox/email address and organize your DMARC reports. For example: [email protected].
I have set up DMARC, what's next?
If emails pretending to be from your domain name, but which didn't match 100% with your validation, have been sent, then you will receive an email notification to the email stipulated under "rua". These reports will help you figure out how often this occurs and if you should consider implementing more severe restrictions (for example "reject" or "quarantine").