How To: Generate a DMARC Record¶
Domain-based Message Authentication Reporting and Conformance (DMARC) is a technical specification that is used to authenticate and email by aligning SPF and DKIM mechanisms. Detailed information on DMARC can be found here.
Note
Both an SPF record and a DKIM key are required, first, before a DMARC record can be created.
To Generate a DMARC Record¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Administration > Mail Options > DMARC. This opens the Email Management: DMARC Management page
Click +. This opens the Domain form
From the Domain dropdown, select the domain that DMARC record should be associated with
Click Continue. This opens the Add DNS DMARC Record form
Update the required fields:
TTL: The TTL (Time To Live) of a DNS record is a suggestion to other DNS servers of how long to cache the given DNS record. Short TTLs mean the DNS server will be queried more often. Longer TTLs mean the DNS server will be queried less often. It is often helpful to lower the TTL when making changes to DNS records, so that they propagate sooner.
Policy: Determines the policy for receiving messages for the domain. There are three options:
None: No action is required
Quarantine: Failed DMARC messages are considered suspicious, and are sent to the spam folder
Reject: Messages failed by DMARC verification are rejected
Subdomain Policy: The policy for receiving messages for a subdomain.There are three options:
None: No action is required
Quarantine: Failed DMARC messages are considered suspicious, and are sent to the spam folder
Reject: Messages failed by DMARC verification are rejected
DKIM Mode: (Optional) DKIM record authentication check. There are two options:
Relaxed: The check passes if the sender is an email address on either the domain or a subdomain
Strict: The check passes only if the sender an email address address on the domain. Subdomains will not pass validation
SPF Mode: (Optional) SPF record authentication check. There are two options:
Relaxed: The check passes if the sender is an email address on either the domain or a subdomain
Strict: The check passes only if the sender an email address address on the domain. Subdomains will not pass validation
Percentage: (Optional) Specifies the number of emails to be filtered, indicated as a percentage. For example, selecting 20 from the dropdown will filter 20% of emails
Generate Report When: (Optional) How forensic reports are created and presented. There are four options:
All Checks Fail: This generates a DMARC failure report if both SPF and DKIM checks fail to produce an aligned “pass” result
Any Check Fails: This generates a DMARC failure report if either SPF or DKIM checks produce something other than an aligned “pass” result
Send DKIM Report if Message Failed DKIM Evaluation: This generates a DKIM failure report if the message had a signature that failed DKIM evaluation, regardless of its alignment
Send SPF Report if Message Failed SPF Evaluation: This generates an SPF failure report if the message failed SPF evaluation, regardless of its alignment
Report Format: Format for Failure reports.There are two options:
AFRF
IODEF
Report Interval: (Optional) The interval between sending aggregated reports
Send Aggregate Email Reports To: (Optional) Addresses for sending aggregated reports, separated by commas
Send Failure Email Reports To: (Optional) Addresses to submit Failure reports, separated by commas. Specifying this tag implies that the owner requires recipient servers to send detailed reports on every message that fails DMARC validation
Click Save