What is DMARC? #
- Article at DMARCAnalyzer
- URIports has an awesome interactive tool that walks you through the SPF, DKIM, and DMARC checks in real-time for one of your own emails
- DMARC is a way for you to discover what services (or rogue entities) are sending emails on your behalf… and then offers a way to tell recipients to reject the ones that don’t meet your SPF/DKIM criteria
Setting up DMARC #
v=DMARC1; p=none; rua=mailto:<YOURDMARCSERVICE>; ruf=mailto:<YOURDMARCSERVICE>; fo=1:d:s
- I recommend starting with a DMARC service and putting your DMARC in “watch” mode with p=none.
- Once you’ve monitored your email feedback for a few weeks and are satisfied that the only failures are from servers spoofing you, it’s time to upgrade your p=none setting to p=quarantine and eventually p=reject.
Check your DMARC record #
Use one of these free tools to check on your DMARC records (you enter the domain and it gets checked):
- MxToolbox DMARC check
- Dmarcian DMARC inspector
- Dmarc Analyzer record checker
Use one of these free tools to check the syntax of a DMARC record before you create your DNS entries.
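A local version of that syntax check, as an added example (not from the original page or from any of the tools it lists). It covers only the tags used in the record above (v, p, rua, ruf, fo) as defined in RFC 7489; the function names are hypothetical and `dmarc@example.com` is a constructed address.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
FO_OPTIONS = {"0", "1", "d", "s"}

def parse_dmarc(record):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is allowed
        tag, sep, value = part.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"missing '=' in {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(record):
    """Return (tags, problems); an empty problems list means no issue was found."""
    problems = []
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return {}, [str(exc)]
    tags = dict(pairs)
    if len(tags) != len(pairs):
        problems.append("duplicate tag")
    if not pairs or pairs[0] != ("v", "DMARC1"):  # the version tag must come first
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        problems.append("p must be none, quarantine or reject")
    for tag in ("rua", "ruf"):  # comma-separated report destinations
        for uri in filter(None, tags.get(tag, "").split(",")):
            if not re.fullmatch(r"mailto:[^@\s,!]+@[^@\s,!]+(![0-9]+[kmgt]?)?", uri.strip(), re.I):
                problems.append(f"{tag}: not a mailto: URI: {uri.strip()}")
    bad_fo = set(tags.get("fo", "0").lower().split(":")) - FO_OPTIONS
    if bad_fo:
        problems.append(f"fo: unknown option(s) {sorted(bad_fo)}")
    if "fo" in tags and "ruf" not in tags:  # receivers ignore fo when ruf is absent
        problems.append("fo has no effect without ruf")
    return tags, problems

if __name__ == "__main__":
    # Constructed record: the one from this page with the placeholder filled in.
    sample = "v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com; fo=1:d:s"
    print(check_dmarc(sample))
```

Run against the record exactly as written above, with `<YOURDMARCSERVICE>` left unfilled, it reports both `rua` and `ruf` as invalid, which catches a placeholder pasted into DNS by mistake.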
Use a DMARC Monitoring Service! #
- I can’t stress this enough… if you send a lot of email, you don’t want to be reading emailed reports from your recipients telling you exactly what happened with your emails.
- Sign up for a DMARC monitoring service. They receive a copy of all the reports and put them into a nice dashboard for you.
- Uriports – starts at $1/month to get essentially all the feedback you need to get your email authentication up and running nicely.
- Cloudflare is currently in beta for a free (?) DMARC monitoring service
- Postmark offers a free service consisting of a weekly email summary of your DMARC aggregate feedback results
- DMARCeye – Relatively new service that is currently free!
- Dmarc.lv offers a free option for a single domain. I’ve not tried it, but people have told me they like it
- ValiMail offers a free monitoring service for Office 365, but it’s pretty simplistic.
- I’ve also used DMARCAnalyzer and liked it, although their pricing is no longer transparent (and thus probably expensive)
Service-specific articles on DMARC #
You will need to work with each service that sends email for you. This includes your primary (person-to-person) email provider plus additional providers you might use for marketing, sales, etc.
- DMARC for Google gSuite – https://support.google.com/a/answer/2466580
- DMARC for Office 365 – https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide
- Dmarcian maintains a list of email sources and whether or not they support DKIM/SPF/DMARC here: