Detectify
Knowledge Base

Back to Knowledge Base

Support Center

Missing/insufficient DMARC record

Last Updated: Jul 25, 2016 11:54AM CEST

DMARC is part of the protection against spoofed emails. If it is insufficiently configured or missing, it may be possible for an attacker to send spoofed emails.

What can happen?

Spoofing can be used to trick people into giving up sensitive information and spreading false information that may damage the reputation of the vulnerable part.

Remediation

Compile the policy

The policy consists of multiple tags.

Tag Name Required Purpose Sample
v required Protocol version v=DMARC1
p required Policy for domain p=reject
sp optional Policy for subdomain sp=reject
rua optional Reporting URI of aggregate reports rua=mailto:report@example.com
pct optional % of messages subjected to filtering pct=25

The full list can be found here.

The value of v should always be DMARC1, so you don’t need to do anything more with that one.

p can differ between none, quarantine and reject. None is no action taken at all and can be recommended to start with to make sure no important email gets rejected. You should eventually change this to quarantine or reject so the policy has some effect. sp is the same thing, but for all subdomains.

pct is the percentage of emails you want to be affected by the filtering. This can be skipped, but some prefer to use it in the beginning to make sure not all emails are rejected in case something goes wrong with the configuration.

rua is what is special for DMARC. It has a report functionality, which means that you can receive a report on how your emails have been treated. This way, you can see if someone is abusing your domain to send forged emails, if you have misconfigured something, etc.

Apply the policy

Go to your domain manager and create a new DNS record:

  • As hostname enter _dmarc. The record should be placed at _dmarc.[yourdomain], e.g., _dmarc.example.com.
  • As value, just enter the policy previously compiled.
  • If there is more than one name field (one being the hostname), it is only used to help you separate the records and can hold whatever value you find appropriate.

Example of what it looks like to add the record in CloudFlare's interface.
 

Resources


Related articles

support@detectify.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete