The ultimate step to optimize the deliverability of your messages and protect yourself against domain spoofing is to publish a DMARC record on your sending domain.

If you don’t want to deal with these technical considerations, a simple solution is to register a domain name through us: How and why to register a domain name with OxiMailing? All the domains we manage are automatically equipped with everything needed for optimal deliverability.

If you prefer to use a domain name that you already own as the sending domain, then continue reading this article.

In the following, we will use the domain mydomain.com as an example. Remember to naturally replace it with your own!

This process should be carried out by your email administrator as they alone have full control over your infrastructure.

DMARC is used to combat spoofing, which is the electronic identity theft. The article below, signed by BadSender, describes well the deployment mode of a DMARC record:

• Deploying DMARC

These articles from Google and Yahoo demonstrate the need to implement DMARC for optimal deliverability:

• https://support.google.com/a/answer/14229414
• https://senders.yahooinc.com/best-practices/
• https://senders.yahooinc.com/faqs/

First step: “p=none”

The very first level of DMARC involves publishing a “basic” record, indicating that you “acknowledge” this rule.

A minimal record would be: _dmarc.mydomain.com. IN TXT “v=DMARC1; p=none;” This is the minimum to start with, and if you have no technical knowledge, you should stop here and ask a specialist to assist you.

The next step: monitoring your DMARC

If you have understood how DMARC works and its usefulness, you can monitor all emails sent with your domain name.

Before tightening your DMARC policy, it is recommended to monitor the reports sent by the operators. The “basic” record above does not generate any report sending, but you can modify it as follows: _dmarc.mydomain.com. IN TXT “v=DMARC1; p=none; rua=mailto:dmarc@mydomain.com”

The address dmarc@mydomain.com can be replaced with any address from your domain BUT it must naturally exist and function. Be aware that dozens of DMARC reports can arrive in this mailbox every day. Ideally, use a dedicated mailbox!

By adding a RUA, you will receive daily email reports from Gmail, Yahoo, Microsoft, etc., indicating the quantity of messages received from mydomain.com by sending IP. If unknown IPs appear in the reports (with DMARC “fail”), this can mean two things:

• either your domain is being used without your knowledge by malicious senders

• or you have forgotten a legitimate sending channel used by mydomain.com, in which case you need to adjust your SPF record and/or add the appropriate DKIM keys.

The ultimate step: tightening your DMARC

Only perform this step after thoroughly analyzing the DMARC reports over a fairly long period. Once again, do not hesitate to seek assistance or contact us!

Once you have identified and validated your legitimate flows, you can move to a “quarantine” policy (spam classification) to apply to 20% of received messages: _dmarc.mydomain.com. IN TXT “v=DMARC1; p=quarantine; pct=20; rua=mailto:dmarc@mydomain.com” Once you have confirmed that the other sending IPs do not belong to you, you can move to a “reject” policy (outright rejection) by gradually increasing the percentage until reaching 100%: _dmarc.mydomain.com. IN TXT “v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@mydomain.com” Feel free to contact our technical support if you need assistance in setting up your DMARC record.