Domain-based Message Authentication, Reporting, and Conformance (DMARC) records standardize email authentication methods for SPF and DKIM. DMARC is designed to protect a domain from being used maliciously or without consent in third-party mailings.
When a recipient's email server evaluates for a DMARC pass/fail, it checks for alignment between SPF or DKIM domains and the domain in the "From" address. These must match for DMARC to pass.
To use DMARC with Act-On, you must have:
- DKIM set up for your "From" domain in Act-On
- an SPF record to include all mail servers sending email on your behalf
Once these are done, your IT team can add a DMARC record to your email domain's DNS.DKIM and SPF must be completed first - DMARC authentication will continue to fail until these records are set properly.
Whether to implement DMARC and what policy settings to use are business decisions that you should make based on your company's needs. Implementing DMARC incorrectly will cause messages to bounce. Please evaluate these decisions carefully before proceeding.
To add DMARC to your DNS, create a TXT record such as:
_dmarc.example.com IN TXT v=DMARC1; p=none;
A more stringent record for example might use
p=reject;to tell receiving servers to reject all messages which fail DMARC.