DMARC Settings in Email

What is DMARC-

DMARC is a DNS TXT record that assists receiving-mail-systems in deciding how to handle emails from your domain that don't pass SPF or DKIM validation.

How SPF and DKIM work together with DMARC

Gmail and Yahoo will require DMARC mandatorily starting from February 2024

Starting from February 2024, Gmail and Yahoo are requiring DMARC for bulk email senders who send over 5,000 emails per day.

Verify now to prevent email failure.

a. Login to the MSG91 user panel and click on Email.

b. Goto Domains option under the DMARC section.

c. Add your domain using the button at the top right. Then, click the Verify button to verify DMARC.

[Recommended - add your main domain, instead of subdomain. This will set the DMARC policy for all your subdomains too. Ex. your registered domain for sending emails is info.xyz.com, add xyz.com for DMARC, not info.xyz.com]

d. Delete the current DMARC record with the type TXT under the Host/Name: _dmarc, if any. Then add a new CNAME record with the provided data. Once done, click on the Verify button.

e. Once published, a DMARC record is employed by receiving-mail-servers (such as Gmail or Yahoo!) to decide the course of action for an email that doesn't pass SPF or DKIM authorization. Go to the Manage DMARC section and choose one of the following actions:

None - Do nothing to the email, it will be delivered without any action
Quarantine - Deliver the email, but to the spam folder
Reject - Strictly reject the email

Check the settings below and set them as needed.

A published DMARC record basically serves two purposes:

Tells the recipient server to either: Quarantine the message, Reject the message, or Allow the message to continue delivery.
Sends reports to an email address or addresses with data about all the messages seen from the domain.

If the domain has not published a DMARC record, the recipient server makes its own determination if the message should be delivered. Thus, DMARC helps easily identify threat senders, and prevent domain phishing, malware threats and a variety of security concerns by blocking fraudsters.

Suggestions to use DMARC effectively -

Analyse DMARC reports to identify passing, failing or unidentified sources.
Make sure all your known email sources are passing DKIM and SPF and are compliant with DMARC.
After monitoring for a few days, start to Quarantine those email sources that are not DMARC compliant.
If you are able to cover all known sources, the next step is to gradually quarantine (p=quarantine) a portion of traffic (pct=10) and increase it over time. The quarantine will place non-compliant emails in spam/junk folders. Once comfortable, you can pull the trigger on the reject policy (p=reject). This will tell ISPs to discard the non-compliant emails completely, essentially stopping fraud on your domain as long as you control the approved sources.
End goal: set a reject policy to reject any email that is non-compliant with DMARC.

MSG91 DMARC Reports

Explore the Dashboard to know the DMARC policy distribution for the senders and the verification status of the registered domains.
Identify your top senders, their geological distribution and goto the Geological Reports section for a detailed analysis
Check your senders' DMARC Compliance and goto the Compliance Reports section for a detailed analysis
Identify the top DMARC reporters.