DMARC Records

From HE FAQ
Revision as of 19:25, 4 February 2020 by Blarsen (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This information only pertains to Hurricane Electric's Shared Web Hosting package. There may be different information in our other categories.

This document explains what an DMARC record is, why you might want one, and how to create one.

What is DMARC?

DMARC ("Domain-based Message Authentication, Reporting & Conformance") is a set of rules that email providers can use to determine what to do with emails that fail your SPF and/or DKIM checks, and who to report the results to.

Why might I want a DMARC record?

Some email providers, notably Google, may penalize your domain for not having a DMARC record, and may be more likely to treat emails from you as spam if you don't have one. Creating a DMARC records can also provide you with feedback about who is sending emails using your domain name, legitimately or otherwise.

How do I create a DMARC record?

Note that these instructions will only work if you are using Hurricane Electric for DNS and already have SPF and/or DKIM set up.

  1. Log into admin.he.net.
  2. Choose or create an email address at your own domain to which you are willing to have notifications sent about SPF and DKIM failures (when someone tries to send an email that looks like it came from your domain, but was in fact sent from an unauthorized location).
  3. Click on your domain name under "Active Domains For This Account".
  4. Click on the tab at the top that says, "New TXT".
  5. In the "Name" field, enter "_dmarc". Note the underscore at the beginning, which is required.
  6. In the "Text string" field, enter a basic DMARC record, like this: 
v=DMARC1;p=none;pct=10;rua=mailto:dmarcreports@example.com

Instead of "dmarcreports@example.com", use the email address you chose in Step 2.

This is a very basic DMARC record. It instructs the receiving email server to check 10% of emails from your domain to see if they match your SPF and/or DKIM restrictions but do nothing other than notify you if they fail the check. If you want to reduce the risk of people receiving spoofed emails appearing to come from your domain, "p=quarantine" (send to the Spam/Junk folder) or "p=reject" are more useful.

You can find more information, including more options you can add to fine-tune DMARC's behavior and what kinds of reports you get, at https://dmarc.org/overview/.

How do I create a DKIM record?

DKIM requires that some work be done at Hurricane Electric's end, so please send an email to support@he.net asking for a DKIM record, and we'll set one up for you.

Retrieved from "http://faq.he.net/index.php?title=DMARC_Records&oldid=705"