In the digital world, email communication is key. But how do you ensure that your e-mails are not marked as spam and that your domain does not become a target of fraudsters? The solution lies in the _DMARC record. Setting up a DMARC record is very simple, so take a few minutes to read this, set it up, and be sure.
What is a _DMARC record and why is it important?
_DMARC (Domain-based Message Authentication, Reporting & Conformance) is an innovative standard that helps domain owners protect their e-mail domains from various threats, such as phishing and spoofing attacks. With the help of DKIM and SPF records, _DMARC authenticates every email sent from your domain.
Phishing is a type of online fraud where attackers attempt to fraudulently obtain sensitive information, such as usernames, passwords, or credit card information, from an innocent user. Phishing attacks usually use fake e-mail messages, websites, or messages that appear to come from trusted sources.
Spoofing refers to the practice of disguising communication so that it appears to be coming from trusted sources, when it is actually coming from an attacker.
The importance of DMARC lies in its ability to protect the reputation of your email domain. When your email has a properly set DMARC record, recipients can be sure that the message is coming from a legitimate source.
How do DMARC, DKIM and SPF complement each other?
To understand DMARC, we must first understand how it relies on DKIM and SPF:
DKIM (DomainKeys Identified Mail): This is the method by which e-mail messages are "signed" using a private key on your server. When the message reaches the recipient, the signature is checked using the public key published as a DNS record. If the signature matches, the email is legitimate.
SPF (Sender Policy Framework): This record defines which servers can send emails on behalf of your domain. When recipients receive an email, they can check the SPF record to confirm that the message came from an approved server.
DMARC uses both of these systems to authenticate email. If the message passes both tests, it is considered authentic. If not, the DMARC policy decides what happens next.
How to set up a _DMARC record with cPanel?
Using cPanel, the process is as follows:
Log in to cPanel: Log in to your cPanel account.
Open the 'Zone Editor' tool: This is the central place to manage DNS records.
Click Manage/Edit next to your domain: This opens the DNS records of that domain.
Add _DMARC record: Click the arrow next to "Add Record" and select the record type "_DMARC" and then just save.
Key components of the _DMARC record:
The main components of a DMARC record and their explanations are:
v=DMARC1
Description: This declaration marks the record as a DMARC record. It is required for every DMARC record.
Variation: It is always "DMARC1" for current DMARC records.
p=
Description: The policy you want to enforce for electronic messages that do not pass DMARC checks.
Variations:
none: There are no actions, but reports will be sent.
quarantine: Messages are redirected to quarantine (e.g. to the spam folder).
reject: The message is rejected before it reaches the user.
sp=
Description: Policy for subdomains. If not specified, the base policy will also apply to subdomains.
Variations: Same as for "p=" (none, quarantine, reject).
rua=
Description: The address to which email summary reports will be sent.
Variation: The address must be in the form of e-mail (e.g. mailto:reports@mydomain.rs).
ruf=
Description: The address to which authentication failure reports will be sent.
Variation: The address must be in the form of e-mail.
pct=
Description: The percentage of messages you want the policy to apply to. Useful when you want to gradually introduce DMARC to avoid potential problems.
Variation: A number between 0 and 100.
adkim=
Description: DKIM alignment.
Variations:
r: relaxed alignment.
s: strict alignment.
aspf=
Description: SPF alignment.
Variations:
r: relaxed alignment.
s: strict alignment.
ri=
Description: Frequency of sending reports.
Variation: Number in seconds (e.g. 86400 for daily reports).
Here we see p=none, which means nothing is done to a message that has not passed the SPF and DKIM check. The next item is rua, which means reports are sent to that email address. The adkim and aspf fields are set to s, which means strict: they must be valid.
This is a good example of what a DMARC record should look like while you are testing whether everything is in order. You will receive reports at the email address you entered, so you can check that everything is set up correctly. Once you confirm that everything is successful, you can switch the "p=" item to reject and thereby completely secure your domain so that no one can impersonate you.
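A small checker for the tags listed above, as an added example that is not part of the original article. The sample record and its address are constructed, and the function names are hypothetical.

```python
POLICIES = {"none", "quarantine", "reject"}
KNOWN = {"v", "p", "sp", "rua", "ruf", "pct", "adkim", "aspf", "ri", "fo", "rf"}

def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into an ordered dict of lower-cased tags."""
    tags = {}
    for part in filter(None, (p.strip() for p in txt.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt):
    """Return a list of problems; an empty list means the record looks sound."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        problems.append("record must start with v=DMARC1")
    for tag in ("p", "sp"):
        if (tag == "p" or tag in tags) and tags.get(tag, "").lower() not in POLICIES:
            problems.append(f"{tag}= must be none, quarantine or reject")
    for tag in ("adkim", "aspf"):
        if tag in tags and tags[tag].lower() not in ("r", "s"):
            problems.append(f"{tag}= must be r (relaxed) or s (strict)")
    for tag in ("rua", "ruf"):
        for uri in filter(None, tags.get(tag, "").split(",")):
            if not uri.strip().lower().startswith("mailto:"):
                problems.append(f"{tag}= address must start with mailto:")
    if "pct" in tags and not (tags["pct"].isdecimal() and int(tags["pct"]) <= 100):
        problems.append("pct= must be a number between 0 and 100")
    if "ri" in tags and not tags["ri"].isdecimal():
        problems.append("ri= must be a number of seconds")
    # A misspelled tag (for example rau= instead of rua=) is silently ignored
    # by receivers, so flag anything outside the known tag names.
    problems += [f"unknown tag {t}= is ignored by receivers" for t in tags if t not in KNOWN]
    if tags.get("p") == "none" and "rua" not in tags:
        problems.append("p=none without rua= produces no aggregate reports to review")
    return problems

# Constructed sample matching the test setup described in the text.
SAMPLE = "v=DMARC1; p=none; rua=mailto:reports@mydomain.rs; adkim=s; aspf=s"
```

Run `check_dmarc()` on the value you are about to save in the Zone Editor; an empty list means none of the checks above fired.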
What does a DMARC report look like?
The report arrives packed in .gz format. Unpack it with any program (say 7zip) to get an .xml file that you can open however you want. The length of the report depends on who sent mail for the domain: whether it was just us or someone has already tried to abuse it.
Here is a site where you can insert your xml and see it arranged nicely if this text view doesn't suit you. SITE
Here we see for this domain that policy_evaluated SPF is marked as fail, so if our p= were set to reject, no one would be able to receive email from us. It needs to be set up correctly first and then. Even though it says pass at the bottom of the SPF record, the total does not pass.
In this particular example, which is shown on purpose, the report says that DKIM and SPF are correct, but the email sending is not. This means that some PHP script was used to send from a site where sending is not set up correctly, and therefore the message does not pass the check even though the DNS itself is set up well.
Expect reports from servers more or less often, depending on how much you send. If you no longer want to receive these notifications, delete the rua= item.
If you are sure, and everywhere it says that the message was successfully sent, i.e. pass for your IP (it is very important to look at your IP only), then you can set p= to reject and thus prevent misuse of your email.
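The review described above can be scripted. This is an added example, not from the original article: it reads a report, looks only at your own IPs, and lists every row where policy_evaluated is not pass, noting when the raw SPF or DKIM result passed anyway. The sample report and IP addresses are constructed, the function names are hypothetical, and the report is assumed to use no XML namespace.

```python
import gzip
import xml.etree.ElementTree as ET

def load_report(data):
    """Parse the attachment bytes, gzip-compressed or already unpacked."""
    if data[:2] == b"\x1f\x8b":  # gzip magic number
        data = gzip.decompress(data)
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("a DMARC report should not carry a DTD or entities")
    return ET.fromstring(data)

def to_review(root, own_ips):
    """Rows from our own IPs where policy_evaluated is not pass."""
    review = []
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip")
        if ip not in own_ips:
            continue  # only our own senders are ours to fix
        count = int(rec.findtext("row/count", "0"))
        for check in ("dkim", "spf"):
            evaluated = rec.findtext(f"row/policy_evaluated/{check}")
            raw = rec.findtext(f"auth_results/{check}/result")
            if evaluated != "pass":
                note = "raw result is pass, evaluated result is not" if raw == "pass" else "check fails"
                review.append((ip, count, check, note))
    return review

def ready_for_reject(root, own_ips):
    """True only if our IPs appear in the report and every row passes."""
    seen = any(r.findtext("row/source_ip") in own_ips for r in root.iter("record"))
    return seen and not to_review(root, own_ips)

# Constructed sample: 192.0.2.10 is "our" server, 203.0.113.7 is someone else.
SAMPLE = b"""<feedback>
<record><row><source_ip>192.0.2.10</source_ip><count>12</count>
<policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
<auth_results><dkim><result>pass</result></dkim><spf><result>pass</result></spf></auth_results></record>
<record><row><source_ip>192.0.2.10</source_ip><count>3</count>
<policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
<auth_results><spf><result>pass</result></spf></auth_results></record>
<record><row><source_ip>203.0.113.7</source_ip><count>40</count>
<policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
<auth_results><spf><result>fail</result></spf></auth_results></record>
</feedback>"""
```

On the sample, the second row from 192.0.2.10 is reported with the raw SPF result pass but the evaluated result fail, which is the situation the PHP-script example above describes.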
Conclusion:
The security of your email domain should not be taken lightly. DMARC, along with DKIM and SPF, provides robust protection against threats to your reputation and the trust of your customers. If you're using cPanel, there's no reason not to set up a DMARC record right away.