DMARC Reporting Setup Guide

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the gold standard for email security. It tells receiving servers what to do if an email fails SPF or DKIM checks.

What is DMARC Reporting?

DMARC reporting gives you visibility into how your domain is being used. Without it, you're sending emails into a "black hole" where you don't know if legitimate emails are failing or if attackers are spoofing your brand.

How to Configure Your DMARC Record

You start by adding a TXT record to your DNS. Here is a standard configuration:

_dmarc.yourdomain.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100; adkim=r; aspf=r"

Field Breakdown:

• p=quarantine: Move failed emails to the spam folder.
• rua: The email address where aggregate reports should be sent.
• adkim/aspf: Alignment modes (relaxed or strict).

DMARC Policy Progression

Don't jump straight to protection. Follow these phases:

1. Phase 1: Monitoring (p=none) Establish a baseline and identify all legitimate senders. Duration: 2-4 weeks.

2. Phase 2: Quarantine (p=quarantine) Protect your domain while minimizing false positives. Duration: 4-8 weeks.

3. Phase 3: Reject (p=reject) The ultimate protection. Unauthenticated emails are blocked entirely.

Understanding DMARC Data

Key metrics to watch include your DKIM Pass Rate and SPF Pass Rate. Your goal should be consistently >95% for both. If these rates are low, you need to audit your sending infrastructure and update your DNS records accordingly.

GetMailer and DMARC

GetMailer provides built-in DMARC monitoring and reporting, making it easy to see exactly who is sending mail on your behalf and whether it's authenticating correctly.