Sendmarc employs delegation of various records such as DMARC, SPF, DKIM and MTA-STS-TLS to allow control of these settings from inside of the Sendmarc platform.
Sendmarc manages all of its record types via some form of delegation or "Hosting". This means that you as an administrator have centralised access to control all of your customer's DNS records related to a DMARC implementation from a single management interface. This delegation also employs additional benefits.
DMARC Delegation
Sendmarc does DMARC delegation via CNAME records, this means that your DMARC record in DNS is created as a CNAME record.
This means that whenever a DNS query is run against your DMARC record, the server performing the query will check your domain's unique Sendmarc address.
_myuniqueidentifier.sdmarc.net
The values inside of this CNAME record are fetched from the Sendmarc platform.
Some of the benefits of doing this:
- Centrally managed portal for all domains.
- Near real-time policy updates.
- Smart import of existing DMARC record settings.
- Simplified DMARC policy management.
- Less prone to typos and human error in record creation.
- User Interface explaining all of the various policy settings.
- Change control and logging of policy setting changes.
- Restricts access to change policies.
SPF Delegation/Redirect
Sendmarc does SPF redirects via an SPF redirect mechanism, this means that your SPF record in DNS is pointed to the Sendmarc portal.
This means that whenever a DNS query is run against your SPF record, the server performing the query will check your domain's unique SPF record.
v=spf1 redirect=_san0y8lcc.sdmarc.net
The values inside of this SPF record are fetched from the Sendmarc platform.
Some of the benefits of doing this:
- Centrally managed portal for all domains.
- Near real-time policy updates.
- Smart import of existing SPF includes.
- Simplified SPF policy management.
- Less prone to typos and human error in record creation.
- User Interface explaining all of the various policy settings.
- Change control and logging of policy setting changes.
- Restricts access to change policies.
DKIM Delegation
Sendmarc does DKIM delegation via additional NS records, this means that your DKIM Keys will be fetched from the Sendmarc portal.
This means that whenever a DNS query is run against your DKIM Selectors, the server performing the query will check your domain's DKIM Keys stored inside of the Sendmarc platform.
| NS |
_domainkey
|
ns1-09.azure-dns.com.
|
| NS |
_domainkey
|
ns2-09.azure-dns.net.
|
| NS |
_domainkey
|
ns3-09.azure-dns.org.
|
| NS |
_domainkey
|
ns4-09.azure-dns.info.
|
The values of the Selectors are fetched from the Sendmarc platform.
Some of the benefits of doing this:
- Centrally managed portal for all domains.
- Near real-time policy updates.
- Smart import of existing DKIM Keys.
- Simplified DKIM Key management.
- Less prone to typos and human error in record creation.
- User Interface explaining all of the various policy settings.
- Change control and logging of policy setting changes.
- Restricts access to change policies.
MTA-STS and TLS RPT Delegation
Sendmarc does MTA-STS and TLS RPT delegation via CNAME records, this means that your MTA-STS and TLS RPT records in DNS are created as a CNAME record.
This means that whenever a DNS query is run against your MTA-STS and TLS RPT records, the server performing the query will check your domain's unique Sendmarc addresses.
sendmarc.com._smtp._tls.sdmarc.net.
sendmarc.com._mta-sts.sdmarc.net.
mta-certs.sendmarc.com.
The values of the CNAME records are fetched from the Sendmarc platform.
Some of the benefits of doing this:
- Centrally managed portal for all domains.
- Near real-time policy updates.
- Simplified MTA-STS policy management.
- Less prone to typos and human error in record creation.
- User Interface explaining all of the various policy settings.
- Change control and logging of policy setting changes.
- Restricts access to change policies.
Need Help?
support@sendmarc.com is standing by to assist!