
Configure DMARC

This check ensures that Domain-based Message Authentication, Reporting, and Conformance (DMARC) records are configured for the domain. DMARC helps protect domains from email spoofing and phishing by enforcing email authentication policies.

Check Details

  • Resource: Domain
  • Check: Configure DMARC
  • Risk: If DMARC records are missing or misconfigured, the domain may be vulnerable to email spoofing and phishing attacks, and legitimate emails may fail delivery checks.

Remediation via Domain Registrar Console

  1. Log in to your domain registrar’s console.
  2. Open Domain Management for the affected domain.
  3. Navigate to DNS or DNS Settings.
  4. Ensure that a DMARC TXT record is present.
  5. If no DMARC record exists, add a new TXT record.
  6. Configure the DMARC record with the following fields:
    • Host/Name: _dmarc
    • Record Type: TXT
    • Value:
    
    v=DMARC1; p=none; rua=mailto:dmarc@example.com
    
  7. Ensure the following rules are followed:
    • The v tag must always be set to v=DMARC1
    • The p tag must be one of: none, quarantine, or reject
    • Each tag-value pair must be separated by a semicolon
    • The rua and ruf tags may contain multiple email addresses separated by commas
    • Only one DMARC record should exist per domain
  8. Save the changes.

Verification

Verify that the DMARC record is now visible using command-line tools.



nslookup -type=TXT _dmarc.example.com

or

dig TXT _dmarc.example.com

Replace example.com with your actual domain name.
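
The rules listed in step 7 can also be checked mechanically against the TXT strings the lookup returns. The following Python is an added example, not part of the original article; the function names `parse_tags` and `check_dmarc` and the sample records are constructed for illustration.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split one TXT string into ordered (tag, value) pairs on semicolons."""
    pairs = []
    for part in record.split(";"):
        if not part.strip():
            continue  # a trailing semicolon is harmless
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(txt_records):
    """Return the problems found in the TXT strings published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if re.match(r"\s*v\s*=\s*DMARC1\b", r)]
    if not dmarc:
        return ["no DMARC record found"]
    if len(dmarc) > 1:
        return [f"{len(dmarc)} DMARC records found, only one should exist"]
    try:
        pairs = parse_tags(dmarc[0])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # A missing semicolon glues the next tag onto the v value, so it shows up here.
    if pairs[0] != ("v", "DMARC1"):
        problems.append(f"first tag must be v=DMARC1, got v={pairs[0][1]!r}")
    tags = dict(pairs)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        problems.append(f"p must be none, quarantine or reject, got {policy!r}")
    for tag in ("rua", "ruf"):  # comma-separated mailto: report addresses
        for uri in (u.strip() for u in tags.get(tag, "").split(",")):
            if uri and not (uri.lower().startswith("mailto:") and "@" in uri):
                problems.append(f"{tag} entry is not a mailto: address: {uri!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample answers, as the TXT strings would appear in lookup output.
    samples = [["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
               ["v=DMARC1 p=none"],                          # missing semicolon
               ["v=DMARC1; p=none", "v=DMARC1; p=reject"]]   # duplicate records
    for answer in samples:
        print(answer, "->", check_dmarc(answer) or "OK")
```

An empty list means the record satisfies every rule checked; unrelated TXT strings returned at the same name are ignored.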