
Alibaba Mail: What is DMARC and How to Set It Up?

Last Updated: Apr 07, 2024

This article explains what DMARC is and how to set up a DMARC record.

1. DMARC

DMARC is an abbreviation of Domain-based Message Authentication, Reporting & Conformance. A DMARC record is set to prevent others from forging your company's domain name. It also lets you learn of cases where others try to forge your company's domain name.

When a mail receiver (whose MTA must support the DMARC protocol) receives an email from a domain that has a DMARC record set, it performs DMARC verification. If the verification fails, a report is sent to the email address set in the DMARC record.

2. How to set up DMARC

1. Before setting up DMARC records, your company must ensure that the following SPF record has been set: "v=spf1 include:spf.sg.aliyun.com -all".

2. After setting the SPF record, it is recommended that you set the following DMARC record:

| Hostname | Record Type | Priority | Record Value |
|---|---|---|---|
| _dmarc | TXT | - | v=DMARC1; p=quarantine; rua=mailto:a***@example.net; ruf=mailto:a***@example.net |

Important

The "a***@example.net" in the record value means that you need to fill in an email address of the same organization that normally sends and receives emails.

The following figure shows an example of adding a DMARC record:

[Figure: example of adding a DMARC record]

3. About Returned Attack Emails

If you receive a large number of returned emails or automatic replies, the reason may be that malicious senders are sending emails that imitate your domain name, which causes the returned emails to arrive in your mailbox.

The following measures are recommended:

1. Check whether the SPF record is configured correctly.

2. It is recommended that you configure the DMARC DNS record and set the p parameter of the record value to quarantine. Observe the returned DMARC reports, and set the p parameter to reject if it is confirmed that someone forged the email.

3. There will be many report emails, so it is recommended to use a private mailbox of the same organization to receive DMARC reports.

"p" Parameter Description:

  • none: Release all emails from your domain name, even if the email does not pass DMARC authentication.

    Example:

    v=DMARC1;p=none;rua=mailto:a***@example.net;ruf=mailto:a***@example.net

  • quarantine: Reject some emails. Use the pct parameter (100 by default) to set the percentage of emails failing DMARC verification that are rejected.

    Example:

    v=DMARC1;p=quarantine;pct=15;rua=mailto:a***@example.net;ruf=mailto:a***@example.net

  • reject: Implement strict rejection. Reject all unauthenticated emails.

    Example:

    v=DMARC1;p=reject;rua=mailto:a***@example.net;ruf=mailto:a***@example.net
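
The record values shown in sections 2 and 3 can be checked before they are published at _dmarc. The following Python linter is an added example, not Alibaba Mail code; the function names, the sample address dmarc@example.net and the subdomain-based "same organization" test are assumptions of this example.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
# mailto: URI with an optional report size limit such as "!10m"
MAILTO = re.compile(r"mailto:([^@\s,!]+)@([^@\s,!]+)(?:!\d+[kmgt]?)?", re.I)

def parse_dmarc(value):
    """Split a DMARC record value into ordered (tag, value) pairs."""
    pairs = []
    for part in value.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        tag, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag-value pair: {part.strip()!r}")
        pairs.append((tag.strip().lower(), val.strip()))
    return pairs

def lint_dmarc(value, domain):
    """Return a list of problems for a record to be published at _dmarc.<domain>."""
    try:
        pairs = parse_dmarc(value)
    except ValueError as exc:
        return [str(exc)]
    tags, problems = dict(pairs), []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must begin with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        problems.append(f"p must be one of {sorted(POLICIES)}, got {tags.get('p')!r}")
    pct = tags.get("pct", "100")  # 100 is the default
    if not (pct.isascii() and pct.isdigit() and int(pct) <= 100):
        problems.append(f"pct must be an integer from 0 to 100, got {pct!r}")
    domain = domain.lower().rstrip(".")
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            m = MAILTO.fullmatch(uri)
            if not m:
                problems.append(f"{tag}: not a mailto: address: {uri}")
            elif "*" in m.group(1):  # masked placeholder copied from the docs
                problems.append(f"{tag}: placeholder address not filled in: {uri}")
            elif m.group(2).lower() != domain and not m.group(2).lower().endswith("." + domain):
                # Assumption: "same organization" means the domain or a subdomain of it
                problems.append(f"{tag}: {m.group(2)} is not within {domain}")
    return problems

# Constructed sample records for the hypothetical domain example.net
GOOD = "v=DMARC1; p=quarantine; pct=15; rua=mailto:dmarc@example.net; ruf=mailto:dmarc@example.net"
TYPO = "v=DMARC1;p=quadratine;rua=mailto:a***@example.net"
if __name__ == "__main__":
    for record in (GOOD, TYPO):
        print(record, "->", lint_dmarc(record, "example.net") or "ok")
```
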