f your emails are being rejected or sent to the spam folder with an error message citing a "lack of DMARC record" or "DMARC policy failure," it means your domain is missing a critical security measure that major email providers (like Gmail, Outlook, and Yahoo) now require.
This guide explains what DMARC is and provides the exact steps to implement a basic, safe DMARC record for your domain, using yourdomain.ie as the example.
What is DMARC and Why is it Needed?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds upon two existing standards: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
Its primary purpose is to protect your domain from being used in email spoofing, phishing, and other fraudulent activities.
|
Protocol
|
Purpose
|
|
SPF
|
Specifies which mail servers are authorized to send email for your domain.
|
|
DKIM
|
Provides a digital signature that verifies the email has not been tampered with during transit.
|
|
DMARC
|
Tells receiving mail servers what to do if an email fails both SPF and DKIM checks (e.g., do nothing, quarantine, or reject), and provides reporting on failures.
|
Without a DMARC record, receiving servers cannot determine your policy for unauthenticated mail, and they often default to rejecting or quarantining the message to protect their users.
Step-by-Step: Implementing a Basic DMARC Record
A DMARC record is added as a TXT record in your domain's DNS settings. The following record is a safe starting point, as it sets the policy to monitoring only (p=none), meaning no emails will be rejected yet, but you will start receiving reports on your email traffic.
1. Log in to Your DNS Management Portal
You need access to the service where your domain's Nameservers are managed.
2. Create a New TXT Record
Navigate to the DNS Management or Zone Editor section for yourdomain.ie and create a new record with the following details:
|
Field
|
Value
|
Notes
|
|
Type
|
TXT
|
The record type must be TXT.
|
|
Name / Host
|
_dmarc
|
Crucial: The host name must be exactly _dmarc.
|
|
TTL
|
3600 or Auto
|
Time To Live (1 hour is standard).
|
|
Value / Text
|
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.ie;
|
The DMARC policy string.
|
3. Explanation of the DMARC Value
The recommended value is: v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.ie;
•v=DMARC1: Specifies the DMARC protocol version. This must always be DMARC1.
•p=none: This is the policy for your domain. none means Monitor Only. Receiving servers will check DMARC but will not reject or quarantine mail based on the policy. This is the safest starting point.
•rua=mailto:dmarc-reports@yourdomain.ie: This is the email address where you will receive aggregate reports from mail providers (like Google and Microsoft) about your domain's email traffic. Replace dmarc-reports@yourdomain.ie with a valid email address you can check.
4. Save the Record
Once you've created your record, you'll need to publish it in your DNS zone.
To do this, login to your Always Amber account and go to the domain management page at https://www.alwaysamber.ie/panel/clientarea.php?action=domains and find the domain that you wish to add the record to.
In the dropdown menu options, click on the 'DNS Management' link.
On the DNS Management page add your new DMARC record as a TXT record and click 'Save'.
You've now added a DMARC record for your domain name.
Creating a DMARC record may seem complex, here are a couple of our favourite online tools to create a record:
https://dmarcian.com/dmarc-record-wizard/
https://mxtoolbox.com/DMARCRecordGenerator.aspx
https://dnschecker.org/dmarc-record-generator.php
If you run into issues adding the record, you can send us the record via Support Ticket and we'll add the record for you.
