Mail Assure Help

DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email protocol designed to help prevent email spoofing when used in conjunction with SPF (see Set up SPF) and/or DKIM (DKIM Certificate Generation), and gives the administrator of the receiving server the ability to act on messages when the criteria is not met. DMARC also provides the tools for senders to monitor the abuse of their domains. We highly recommend configuring DMARC DNS records on managed domains especially if your domain is the target of spoofed emails and enabling the functionality within Mail Assure where possible. If you are unclear on how to setup DNS records please consult your DNS administrator.

Does Mail Assure Support DMARC?

Yes, Mail Assure fully supports DMARC on all incoming mail. Outbound DMARC conformity is handled by the domain DNS administrator. No DMARC checks are enforced on outbound email by the outbound filter (the inbound recipient may still DMARC filter the message).

How Does DMARC Work?

DMARC works by allowing the domain administrator to specify the actions that should be taken when a spoofing message is received. It also allows for reporting of spoofing attempts. More information on how DMARC works can be found here:

How to Set up a DMARC Record?

DMARC records are set up in the domain's DNS (Domain Name Server). When you set up your DMARC record you choose the policy type (reject, quarantine, none). This record tells the server what should happen to messages that fail SPF/DKIM checks.

The following online tools may help you:

Configuring DMARC Checks in Mail Assure

To enable the DMARC check within the Mail Assure dashboard:

  1. In the Domain Level Control Panel, select Incoming - Protection Settings > Filter Settings.
  2. In the Sender checks panel, ensure the DMARC option is ticked:
  3. Click Save.

Skip Specific Domains from DMARC Checks

At times you may need to skip this check for a specific sending domain so that any messages originating from that domain will skip the DMARC check.This can be done very much like the current SPF and DKIM skips.

  1. In the Domain Level Control Panel, select Incoming - Protection Settings > Filter Settings.
  2. Click the Manage list of domains and IP addresses with disabled SPF, DKIM, and DMARC checks link at the top of the page.
  3. Navigate to the Disabled DMARC Domains tab.
  4. In the Add a Domain panel, enter the domain name in the Domain field and click Add.
  5. Any messages originating from that particular domain, will now skip the DMARC check.