Creating a DMARC (Domain-based Message Authentication, Reporting, and Conformance) record involves adding a DNS TXT record to your domain's DNS configuration. Here are the steps to create a DMARC record:
1. Log into your DNS provider's control panel: Access the control panel or dashboard of your domain registrar or DNS hosting provider.
2. Navigate to DNS Management: Find the section or menu option for managing DNS records. This may be labeled as "DNS Management," "DNS Settings," or something similar.
3. Create a new TXT record: Add a new TXT (text) record to your DNS settings. This is where you'll define your DMARC policy. You'll typically see fields to enter the following information:
- Name/Host/Alias: Enter "_dmarc" (without the quotes) as the hostname or name for your DMARC record.
- Value/Text: Enter the DMARC policy you want to implement. Here's an example of a basic DMARC record:
```
v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=1;rf=afrf;ri=86400;rua=mailto:youremail@example.com;ruf=mailto:youremail@example.com```
Use the DMARC generator for easy purpose: https://easydmarc.com/tools/dmarc-record-generator
- `v=DMARC1`: Indicates that this is a DMARC record.
- `p=none`: Specifies that no policy is enforced. You can change this to "quarantine" or "reject" to specify different levels of enforcement.
- `rua=mailto:youremail@example.com`: Indicates where aggregate reports (XML reports summarizing email authentication results) should be sent. Replace "youremail@example.com" with your actual email address.
- `ruf=mailto:youremail@example.com`: Specifies where forensic reports (detailed email authentication failure reports) should be sent.
- `sp=none`: Indicates that subdomains should not have a stricter policy than the main domain.
- `fo=1`: Specifies the format for forensic reports. "1" means to generate reports in AFRF (Authentication Failure Reporting Format).
4. Save or Publish: After entering the DMARC record information, save or publish the changes. The exact steps to do this will depend on your DNS provider's interface.
5. Check your DMARC record: It may take some time for DNS changes to propagate across the internet. You can check the validity of your DMARC record using online DMARC record validation tools.
Remember to adjust the values in your DMARC record according to your organization's email policy and security requirements. Additionally, regularly review DMARC reports to fine-tune your email authentication and security settings.
