DMARC policy settings

What is a DMARC policy and what it is used for

DMARC is an email authentication protocol that allows a domain owner to specify how recipients should behave if a message they receive is not authentic.

Therefore, DMARC allows a sender to impose recipient servers to perform certain behaviors on messages that have their own domain (From :), if the SPF and DKIM settings are not valid.

The DMARC email authentication system is used to protect against spoofing or phishing attempts sent by unreliable senders. DMARC can produce daily reports in XML format regarding the flow of emails. This helps verifying that the servers sending emails on your behalf are legitimate.

Set a DMARC policy

Before activating a DMARC policy for your domain, make sure that the SPF record is set correctly.

Setting up a DMARC record requires you to choose how suspicious emails are handled. Emails are considered suspicious when they don't conform to the domain's SPF and DKIM settings.

Policy options (p) are:

  • none: no action is performed on the message;
  • quarantine: messages are marked as spam and moved to the Spam folder of Qboxmail;
  • reject: the recipient server is required to reject the message.
We recommend activating DMARC policies gradually, starting from 'None', followed by 'Quarantine' and 'Reject'.

An example of DMARC record could look this:

v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.qboxmail.com; ruf=mailto:ruf@dmarc.qboxmail.com

This record instructs recipient servers to mark suspicious messages as spam and sends the daily report to the address rua@dmarc.qboxmail.com.

To apply the above record, it is necessary to create a TXT type record in the domain DNS:

Record Name Record Type Value
_dmarc.mycompany.com TXT v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.qboxmail.com; ruf=mailto:ruf@dmarc.qboxmail.com

Qboxmail interprets and applies the DMARC policies set by the sender but does not include the sending of daily XML reports.

It is also possible to use web tools to create your own DMARC policies: https://www.kitterman.com/dmarc/assistant.html

Verify the correct setting of the DMARC record in DNS

In order to verify the correct setting of the DMARC record on your domain, you can run the nslookup command from the terminal:

nslookup -q=txt _dmarc.mycompany.com

which should show, as a result:

_dmarc.mycompany.com text = "v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.qboxmail.com; ruf=mailto:ruf@dmarc.qboxmail.com

We use cookies to provide you with a better browsing experience, continuing to accept their use.