To use a custom email domain, you need to set up a DMARC policy for your domain. Domain-based Message Authentication, Reporting & Conformance (DMARC) shields your domain from impersonation attacks, such as phishing. Notably, major email providers like Google and Yahoo now necessitate DMARC for those sending bulk emails.
You publish DMARC policy as a DNS TXT record. The record’s name is always _dmarc, and the value comprises tag-value pairs that symbolise your policy. Additionally, you can learn about all the supported tags and their uses, but let’s cover some of the most significant tags:
| TAG | DESCRIPTION | SAMPLE VALUE |
|---|---|---|
| v required | The protocol version. This must always be DMARC1. | v=DMARC1 |
| p required | The policy for domain. The possible values are: none, quarantine, reject. | p=none |
| rua optional | Address(es) to receive aggregate reports | rua=mailto:report@example.com |
If you’re new to DMARC, we suggest beginning with a p=none policy for initial monitoring, then switch to either quarantine or reject in due course. After you’ve settled on the appropriate policy, you must incorporate the following DNS record into your domain:
| TYPE | NAME | VALUE |
|---|---|---|
| TXT | _dmarc |
Your DMARC policy. For example: v=DMARC1; p=none; rua=mailto:report@example.com |
If you’re already using this domain to send email, use caution when adding DMARC to make sure that it doesn’t interfere with your existing configuration. If you're not comfortable with this process, then Black Owl can carry out a Full DMARC, DKIM and SPF health check and creation for a fixed cost of £30 + VAT per domain.
