What Changed?
Recently (appox. Feb 2024) Google and Microsoft have added policies to flag incoming emails sent from domains without DMARC records as spam.
It is part of a largescale effort to combat Fraud & Phishing where somebody else can pretend to be you or someone from your organization with the intent of scamming people via emails.
How does this effect me?
Our systems will typically send emails using your own business emails. If you do not have a DMARC record and your clients are using Gmail or Outlook, then emails sent from our mail servers with be flagged as spam by the clients mailboxes and they won't receive their quotes. They may also not be able to receive emails that you send them.
What do I need to do?
You, or whoever manages your DNS will need to create a DMARC record to prevent your emails from being effected by this change.
You should also check whether you have an SPF record in place as a DMARC record works in conjunction with this to verify whether valid mail is being sent. SPF Checks if the mail sent is valid & DMARC handles the mail based on whether it is or isn't valid.
How do I do it? There are 3 options
1 - Your IT Contact
You can contact whoever it is that manages your DNS and ask them to create a DMARC record on your behalf. You should ask them to check if you have an SPF record too. It is a good idea to check this SPF record with Gun Web Systems to ensure that you have our mail servers included in your SPF record. We will advise if any modifications are required.
2 - Create a Generic DMARC Record
You can create a fairly generic DMARC record using the following values.
You will need to replace YOURDOMAIN and YOUREMAIL with your actual website domain & preferred email address to set this up
Record Type: TXT
Host: "_dmarc.YOURDOMAIN"
(e.g. _dmarc.gunwebsystems.com.au)
Value: "v=DMARC1; p=none; rua=mailto:YOUREMAIL"
(e.g. v=DMARC1; p=none; rua=mailto:help@gunwebsystems.com.au;)
3 - Generate your own DMARC Record
To Create you own custom DMARC record you can use this online DMARC record wizard
https://dmarcian.com/dmarc-record-wizard/
At the end it will provide a Host & Value (host will always be _dmarc.YOURDOMAIN)
Value will change depending on what options you have selected.
(Optional Info) Below are the Steps & Related details of each step for those who wish to understand these better.
These steps are highlighted in the DMARCian record wizard but for those who want to read it all and understand the record at a single glance here are the steps and their purposes when building a record outlined below.
Step 1: Enter the domain
Step 2: Choose your Policy
Step 3: Provide your Aggregate reports address
Step 4: (Optional) Provide your Failure Reporting address
Step 5: Choose Identifier Alignment
Step 6: (Optional) Choose Subdomain Policy
Step 7: (Optional) Choose DMARC Policy percentage
Step 1
Define your domain
Step 2
What type of DMARC policy do you want?
DMARC allows you to apply different "policies" to email that appears unaligned with your domain. When first publishing your record, we suggest you start with "none". This allows you to collect data without affecting your email streams.
How do you want to treat mail that fails the DMARC check?
Step 3
Where do you want Aggregate Reports sent?
Data is the driving force of DMARC. If an address is specified, Aggregate DMARC reports will be delivered to the given email address for further processing.
You can continue with this wizard if you want to receive reports directly, or you can create a free dmarcian account and we’ll build your record for you.
If you do want to receive the report directly, you’ll still need way to visualize the data. Bookmark our XML-to-Human converter tool for after you’ve begun to receive reports.
Step 4
Do you want to receive individual failure reports?
Individual Failure Reports, or Forensic Reports, are copies of individual pieces of email that fail the DMARC check. These reports are not required or necessary for DMARC deployment, but may give further insight into how your domain may be being abused.
Step 5
Relaxed or Strict mechanisms?
Here, you can change the Identifier Alignment for each mechanism.
Step 6
Do you want a different policy for subdomains?
By default, the policy applied to example.com will be applied to department.example.com.
If you do not send email from a subdomain, setting a subdomain policy of reject will help prevent email abuse against subdomains.
If you are unsure of whether your email flows from a subdomain, select "No" until further data can be collected.
Step 7
What percentage of email do you want to apply this to?
DMARC allows users to slowly ramp their policy by allowing users to apply the given DMARC policy to a specific percentage of email flows. If you specify a percent other than 100, your DMARC policy will only be applied to the given percentage of your messages.
0-100%
Comments
0 comments
Please sign in to leave a comment.