Domain-based Message Authentication, Reporting, and Conformance (DMARC) records standardize email authentication methods for SPF and DKIM. DMARC is designed to protect a domain from being used maliciously or without consent in third-party mailings.
When a recipient's email server evaluates for a DMARC pass/fail, it checks for alignment between SPF or DKIM domains and the domain in the "From" address. These must match for DMARC to pass.
To use DMARC with Act-On, you must have:
- DKIM set up for your "From" domain in Act-On
- an SPF record to include all mail servers sending email on your behalf
Once these are done, your IT team can add a DMARC record to your email domain's DNS.DKIM and SPF must be completed first - DMARC authentication will continue to fail until these records are set properly.
To learn more about DMARC and understand the email authentication process, see DMARC.org.
Whether to implement DMARC and what policy settings to use are business decisions that you should make based on your company's needs. Implementing DMARC incorrectly will cause messages to bounce. Please evaluate these decisions carefully before proceeding.
To add DMARC to your DNS, create a TXT record such as:
_dmarc.example.com IN TXT v=DMARC1; p=none;
Please note: This is a simplified version of what most DMARC policy records look like. The record above indicates to receiving servers that SPF or DKIM should be valid for all messages using the client's domain in the "From" address but does not tell the receiving server to take any specific action if DMARC evaluation fails.
A more stringent record for example might use
p=reject; to tell receiving servers to reject all messages which fail DMARC.