A Guide for Beginners and Advanced Users

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a vital tool in protecting your domain from being used in phishing or spoofing attacks. It ensures only authorised senders can use your domain in emails, adding a layer of trust for your recipients.

In this blog, we’ll walk you through creating a DMARC record in two ways:

  • Part 1: For beginners with no technical background.
  • Part 2: For those familiar with DNS and domain management.
    We’ll also discuss why a minimal DMARC record might not be enough and how to get the most from this essential email security feature.

But first the warning. Implementing DMARC without analysing the reports it sends back, showing DKIM and SPF failures, can impact the delivery of your emails. Consider a DMARC monitoring service like Powermail and have complete confidence.


Part 1: DMARC for Beginners

If you’ve never worked with DNS records or email security before, don’t worry—this section simplifies the process.

Step 1: Understand What a DMARC Record Is

A DMARC record is a simple text entry added to your domain’s DNS settings. It tells receiving email servers how to handle unauthorised emails claiming to be from your domain.

Step 2: Log In to Your Domain Registrar

  • Your DNS records are managed by the company where you registered your domain, like GoDaddy, Namecheap, or Google Domains.
  • Log in and find the option for DNS Management or DNS Settings.

Step 3: Add a New TXT Record

You’ll need to add a TXT record with the following details:

  • Host/Name:
_dmarc
  • Value:
v=DMARC1; p=none; rua=mailto:your-email@example.com 
  • v=DMARC1: This specifies it’s a DMARC record.
  • p=none: This means no enforcement. It simply monitors activity and reports back to you.
  • rua=mailto:your-email@example.com: The email where reports about your domain’s email activity will be sent.

Step 4: Save and Test

Save the record and wait for it to propagate (this can take a few hours). You can use free tools like MXToolbox to check if your DMARC record is live.

Why Start With “p=none”?

Starting with p=none lets you monitor email activity without affecting email delivery. This is a good way to understand who’s sending emails on your behalf.


Part 2: DMARC for Advanced Users

If you’re familiar with DNS and domain configurations, you can create a more robust DMARC record that actively protects your domain.

Step 1: Decide on an Enforcement Policy

DMARC allows three policies:

  • p=none: Monitors email activity but doesn’t enforce protection.
  • p=quarantine: Flags suspicious emails and sends them to the spam folder.
  • p=reject: Blocks unauthorised emails outright.

Choose the policy based on your confidence in your SPF and DKIM settings. For best results, start with p=quarantine and move to p=reject when ready.

Step 2: Create a Comprehensive DMARC Record

Here’s a sample DMARC record:

v=DMARC1; p=quarantine; rua=mailto:your-email@example.com; ruf=mailto:your-email@example.com; pct=100; aspf=r

Explanation:

  • ruf=mailto:: Receives forensic (detailed) failure reports.
  • pct=100: Ensures 100% of emails are evaluated.
  • aspf=r: Specifies relaxed alignment for SPF, making it slightly less strict.

Step 3: Regularly Monitor Reports

Use a DMARC reporting tool to analyse the reports sent to your rua email. This will help you identify and address unauthorised senders.


The Value (and Limitations) of a Minimal DMARC Record

Creating a minimal DMARC record (p=none) is better than having none at all because it:

  • Monitors email activity and provides insights.
  • Alerts you to potential abuse of your domain.

However, it doesn’t actively protect your domain or prevent spoofing. Think of it as a smoke detector that alerts you but doesn’t put out the fire.

To add real value:

  • Use p=quarantine or p=reject for active protection.
  • Ensure your SPF and DKIM records are properly configured.

Take Control of Your Email Security

Setting up a DMARC record is an important first step in protecting your domain and your brand’s reputation. Whether you’re just starting or comfortable with DNS configurations, DMARC can help you build trust with your audience.

Ready to strengthen your email security?

  • For beginners, start with p=none and monitor your reports.
  • For advanced users, implement a stricter policy and monitor regularly.

If you need help understanding your reports or configuring your domain for full protection, contact us for expert support.