Configure outbound DMARC

GravityZone Security for Email provides the ability to participate in DMARC (Domain Message Authentication Reporting and Conformance) for email authentication.

Note

For more information refer to How DMARC works.

Before configuring any DMARC DNS entry, you must ensure that the following are true:

You have enabled DKIM for each domain in your account.
You have enabled SPF for each domain in your account.
Note
For more information on SPF records see:
- MX records and IP addresses - Set 1
- MX records and IP addresses - Set 2

Create a DNS Resource Record of type TEXT with a record name like _dmarc.domain.TLD. For example, the Resource Record name for domain testdomain.co.uk is _dmarc.testdomain.co.uk.

Note

The record name must start with _dmarc (including the underscore).

The text content of a simple starter record should be similar to:

v=DMARC1; p=none; ruf=mailto:[email protected]; aspf=s

aspf=s specifies "strict" checking of SPF (the default is "relaxed").
ruf= provides the email address to which DMARC failure reports should be sent.
p=none specifies a policy of "none" - the recipient should not reject or quarantine any messages simply because they do not align with this DMARC policy. The recipient could of course reject or quarantine the messages for other reasons.

You should start to receive reports to the email address you specified every 24 hours. After reviewing the reports and confirming that valid messages from your domains do pass evaluation, you may then request that recipients act on messages that do not align with the policy, by changing the policy to quarantine or reject.

In this section:

Configure outbound DMARC

Note

Note

Note

Search results