Domain Management
      Back to home
      1. Help Center
      2. Portal Guides
      3. Domain Management

      DMARC Configuration Settings & Setup

      Understand your DMARC configuration settings and setup DMARC record delegation to enable management through Sendmarc

       Sections in the article:
       
      To enable management of your DMARC record and to start capturing DMARC aggregate reporting data, you'll first need to add your domain to Sendmarc.

      Setup & Verify DMARC delegation

       

      If this is your first time editing your domain, it is important to validate the imported settings against your existing DNS records to ensure that no records were missed as Sendmarc will only import valid records. You'll need to manually add the settings that failed to import. Be sure to do so before enabling DNS delegation.

      Steps to follow:

      1. Navigate to Domains in the left navigation bar.


      2. Click on the domain you wish to configure and then click Edit. Or click the Pencil Icon of the domain you wish to edit.
      3. Click on DMARC Settings to confirm the correct settings have been imported/applied and make necessary adjustments where needed.
      4. Once you're happy with your settings expand Your DNS Configuration section to reveal the DNS record required to enable DMARC management for your domain. You'll also see a RAW record displayed; this is the hosted record that Sendmarc compiles based on the settings you have set in the platform.
         
        The DNS Configuration section will contain:
          • DNS Record - This is the new DNS record to enable delegation.
          • Verification Status - Indicates the various states of verification with the date and time of that the last validation occurred.
          • Raw DMARC Record - Displays the raw DMARC record that contains the policy and settings as imported and modified by you. Do NOT use this record, follow the setup instructions to enable delegation. 
      5. Now add the CNAME record to your DNS to enable delegation. The process of updating your DNS may differ depending on your hosting provider. Visit the Service Provider Section for more information.
      6. Click Verify to validate your newly added DNS record. It may take some time for the record to reflect, but Sendmarc will continue to attempt verification in the background.
      7. Once your setup has been fully verified you've successfully delegated the management of your DMARC record to the Sendmarc platform. This will be indicated by a green tick. Sendmarc will start collecting your domain's reports to help you make informed decisions.

      Various States of Verification

      • Verified - Matching CNAME record found and DMARC delegation is enabled.
      • Partial Verification - Matching Aggregate Reporting Address or Raw record found
      • Not Verified - No matching Aggregate Reporting Address or Raw record found.
      Sendmarc needs to verify whether your DNS contains the valid delegated record to enable management through the platform. The record inside of your DNS needs to be the exact record that was provided. If correct, your DMARC setup will be set to "verified" and your DMARC settings can successfully be managed through the platform.

      If you have just created a new domain and the verification is failing, please allow the full Time To Live(TTL) of the domain to lapse its configured period and try validation again.

      Setup a Subdomain

      When adding or configuring a subdomain, Sendmarc will check for a verified parent domain within the Account. You have the option to override the DMARC policy with a different configuration or not. By choosing not to override it, the DMARC policy from the parent domain will apply.

      When enabled, it will create a new DNS record specifically for the subdomain. Once verified, you can only disable the subdomain override by removing the DNS configuration from the subdomain. Only unverified subdomain parent overrides can be disabled.

      You can also configure the subdomain policy directly on the parent domain's DMARC settings, check the subdomain policy settings under DMARC Settings.
       

      DMARC Configuration Settings

      Understand the various settings available for your DMARC record, these settings will only take affect if DNS delegation has been implemented and verified. Follow the setup instructions above.

      Policy Settings

       

      DMARC Policy

      Requests receiving servers to allow, quarantine or reject email that fail DMARC verification. You can set this policy to none, quarantine, or reject for unauthenticated messages.

      • None - Allows unauthenticated message
      • Quarantine
      • Reject
       

      Subdomain Policy

      Requests receiving servers to treat emails from subdomains differently to emails from the main domain. This policy indicates how you would like receiving servers to treat emails failing from all subdomains. If this is not set, your subdomains will inherit the parent domains' DMARC policy.

      • None - Allows unauthenticated message
      • Quarantine
      • Reject
       

      Policy Percentage

      This is the percentage of messages from the domain's mail stream to which the DMARC policy should apply to randomly selected emails.

      • 0-100%

      Aggregate Report Settings

       

      Report Interval

      Set the interval at which you request aggregate feedback to be sent. Although the interval is requested a reporting server may not adhere to this request.

      • Once a Day
      • Every 6 Hours
      • Every 4 Hours
      • Every 2 Hours
      • Every Hour

      Additional Report Recipients

      Additional email addresses to which you would like aggregate feedback to be sent. Sendmarc will set your unique reporting email address by default to ensure reports are received by the platform.

      Failure Report Settings

       

      Failure Reports Processing

      You can choose how you'd like to handle forensic report data. Enabling process will allow Sendmarc to process and display the report data and contents. If you are concerned about the privacy of the data contained in these reports, you can choose to process these reports yourself or disable them altogether.

      • Enabled
      • Specified Recipients
      • Disabled

      When Failure Report Processing is enabled, you'll be able to add Additional Report Recipients and set Failure Report Options to define when a forensic report should be sent.


      Failure Reporting Options:
      • SPF or DKIM Fail and Don't Align
      • SPF and DKIM Fail and Don't Align
      • DKIM fails regardless of alignment
      • SPF fails regardless of alignment

      Alignment Settings

       

      DKIM Alignment Mode

      Choose whether you would like strict or relaxed DKIM alignment.

      • Relaxed - In relaxed mode allows for sub-domains to align.
      • Strict - In strict mode the domain used for signing must be the same as the “From” domain.

      SPF Alignment Mode

      Choose whether you would like strict or relaxed SPF alignment.

      • Relaxed - In relaxed mode allows for sub-domains to align.
      • Strict - In strict mode the domain used in the “MailFrom” must match the domain in the “From” field exactly.

      Need Help?

      support@sendmarc.com is standing by to assist!