Need help? Call us on 1300 789 260

Plesk Onyx - Setting up DMARC

Difficulty: Advanced

Prerequisites

  • A vaild SPF record
  • A vaild DKIM Record 
  • Access to the DNS

Overview

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol which helps protect you by preventing unauthorised people sending from your domain. When a server receives an email it will check against your DMARC record. DMARK works by using the SPF and DKIM records to work out if an email is authentic then telling the receiving server whether or not to accept that email. Many businesses now require DMARC so if you do not have it properly configured your email may not be accepted.

Instructions

Here is the value you need to edit and put into your Domain Name System (DNS):

_dmarc.example.com "TXT" "v=DMARC1;p=none;pct=100;rua=mailto:you@example.com"

Detailed Explaination

To help explain what's required, here's a breakdown of the components:


v=DMARC1
This identifies the protocol version and lets the receiving server know if you have DMARC setup.

p=quarantine
DMARC receivers will report statistics about messages from this domain, and will reject messages which fail DMARC Authentication. Quarantined messages be marked as such.

none

They system will let all mail to be received by the recipient.

quarantine

Quarantine: The email is put into a external mailbox where it is up to the recipient to decide.
Spam Folder: The email is delivered to the recipients spam folder
Dropped: The email is blocked (This usually only happens if the email has other bad qualities and the tag pushed the email over the spam limit)

reject

Advises the receiving server to reject any email that fails any DKIM and/or SPF checks.

pct=100 (Optional)
The reject policy will apply to 100% of unauthenticated messages from this domain, you can change this to be any number between 1 and 100.

rua=mailto: you@example.com (Optional)
DMARC aggregate data about messages from this domain will be e-mailed to the supplied email address once per day.

ruf=mailto: you@example.com (Optional)
Samples of messages failing either DMARC-SPF or DMARC-DKIM will be e-mailed to the supplied email address as they happen.

sp = reject (Optional)
Policy for subdomains, uses the same expressions as 'p'.

adkim=r (Optional)
Optional. Set the alignment mode for DKIM. There are two options either 'r' or 's', by default it is set to 'r'.
s: strict, the sender domain name must exactly match the corresponding d=name.
r: relaxed,  any subdomain of d=domain (in the mail headers) will also be accepted.

aspf=r (Optional)
Optional. Set the alignment mode for SPF. There are two options either 'r' or 's', by default it is set to 'r'.
s: In strict mode the domain.name in the MAIL FROM command (in SMTP) and the from: header (in the mail item) must match exactly
r: In relaxed mode any valid subdomain of domain.name is acceptable.

rf=afrf (Optional)
The reporting format for individual Forensic reports. Can be either "afrf" or "iodef".
Afrf - Message format for error reporting (Abuse Report format) is defined by RFC 5965 .
iodef - Message format for error reporting (Incident Object Description Exchange Format) is defined by RFC 5070.

ri=86400 (Optional)
The reporting interval for how often you'd like to receive aggregate XML reports. You'll likely receive reports once a day regardless of this setting.

fo=0 (Optional)
Forensic reporting options. Possible values: "0" to generate reports if all underlying authentication mechanisms fail to produce a DMARC pass result, "1" to generate reports if any mechanisms fail, "d" to generate report if DKIM signature failed to verify, "s" if SPF failed.

You can use the tools found at mxtoolbox.com to confirm your domain is correctly configured for DMARC.

Was this article helpful? Yes No
👥

Having trouble? We’re here to help!

We’ve built our company with a serious focus on quality service. Feel free to give us a call!

1300 789 260