What is DMARC and how to set it up
DMARC, short for "Domain-based Message Authentication, Reporting & Conformance," is a tool that helps make emails more secure. It determines what will happen with emails that claim to come from your domain if they fail the SPF or DKIM check. It's also something that ISPs such as Google and Yahoo require from bulk senders.
If you have a small list, you don't need to worry about setting up DMARC. We recommend going through this process if you send more than 10,000 emails per day (or 5,000 emails to Gmail users).
If you'd like to set up a DMARC policy for your sending domain, you need to add a record to your Domain Name System (DNS), specifying your desired DMARC policy.
You can choose between three policy options, determining what happens when an email fails DKIM/SPF checks:
- Monitor (p=none) the email goes to the recipient’s inbox.
- Quarantine (p=quarantine) the email lands in the recipient’s spam folder.
- Reject (p=reject) the email gets blocked from delivery and eventually bounces.
If you haven't enabled DMARC before, we usually recommend starting with the Monitor (p=none) policy to avoid any deliverability or inbox placement issues.
So, for instance, for yourdomain.com, you would add the following TXT record:
name: _dmarc.yourdomain.com
value: v=DMARC1; p=none;
If you're using EmailOctopus, we'll generate the DMARC record for you when verifying your domain. You can read about it here.
If you're using EmailOctopus Connect, you'll need to set up the DMARC policy for each domain you use to send from your Amazon SES account. Here's more information about it.