Record Existence

A DMARC record improves email authentication and allows errors to be reported.

DMARC takes SPF and DKIM and wraps them up into a package that adds another layer called "alignment". It also adds the ability to receive reports from email receivers about the delivery status of the emails you send. This can help with diagnosing email delivery problems. Alignment means that the domain used in the "From" field of the email matches the domain used in the "MailFrom" field. This closes the loophole in SPF and DKIM that allows malicious senders to send mail from a different domain.

To use DMARC, you must already have SPF and DKIM setup correctly. Once this is done, you need to configure your 3rd party email provider to set the "MailFrom" field correctly to your domain. This may require you to create a DNS MX record or another TXT record. Follow the directions from your provider. Then, you will need to add a DNS TXT record with a record name of "_dmarc".

Once you have finished all of these steps, you will start receiving XML reports once a day from each email receiver that you send mail to. The XML report will contain information on how emails received from your domain have been validated. If you see failures inside this report, it can be one of two things. One, you have misconfigured something and your legitimate email is being blocked. Two, your DMARC record is successfully blocking malicious email that is being sent to your users. If it's the later you may be able to get enough information from the report to try to take action against the forger.

To learn more about DMARC and other email authentication mechanisms, please read our article on Best Practices for Sending Email.