This article is a beginner’s guide on how to set up DMARC because, really, DMARC sounds more technically intimidating than it actually is.
In this guide I’m going to cover the entire DMARC setup process, which includes:
- Making sure you have SPF/DKIM in place
- Creating your DMARC policy
- Adding the record to your domain
- Testing to make sure everything worked
That process should take about five minutes or less. The only reason I didn’t want to call this a “5-minute guide” is because you’ll also need SPF or DKIM in place before you can set up DMARC. If you need to set up one of those and then DMARC, that will take slightly longer.
Let’s jump in to setting up DMARC authentication for your domain.
How to Set Up DMARC: Table of Contents
- What Is DMARC in Under 100 Words?
- Step 1: Testing Whether SPF/DKIM Are Set Up for Your Domain
- Step 2: Create Your DMARC Record
- Step 3: Adding Your DMARC Policy Record to Your Domain
- How to Set Up DMARC: Next Steps
What Is DMARC in Under 100 Words?
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy you create and attach to your domain to instruct mail servers how to handle emails from your domain when they fail SPF and DKIM.
Emails that are sent through unauthorized servers or spoof your domain will fail SPF and DKIM, at which point the mail server checks the DMARC policy to determine whether to still deliver that email.
DMARC can provide a deliverability boost, as it helps email services determine that you are who you say you are and that emails from your domain are valid.
How do SPF and DKIM relate to DMARC?
SPF stands for Sender Policy Framework. It’s a domain record where you specify what mail servers have permission to send emails using your domain.
DKIM stands for DomainKeys Identified Mail. It’s like a digital signature that’s attached to your emails to help a mail server determine whether the email was authorized.
While SPF, DKIM, and DMARC are referred to as the three main authentication methods for email, DMARC works differently than the other two.
DMARC relies on SPF and DKIM; SPF and DKIM are used to authenticate an email, DMARC then tells the mail server what to do with the email when it fails both SPF and DKIM checks.
Do I need to set up DMARC?
“Need” is a strong word… but you really should set up DMARC.
As of February 1st, 2024, Google and Yahoo/AOL put new policies in place for anyone sending messages to their email users.
All senders are required to have a SPF or DKIM record in place; DMARC is not required.
However, if you’re setting up SPF/DKIM, there’s no reason not to also set up DMARC.
Bulk senders — defined as people sending 5,000+ messages in a day to gmail.com addresses or a large volume of daily emails to Yahoo/AOL addresses — are required to have SPF, DKIM, and DMARC set up.
Does DMARC help my deliverability?
Yes. DMARC, along with the other email authentication methods, can help with deliverability.
None of them is a magic bullet, though. If you set up a DMARC policy, that doesn’t mean suddenly every single email you send will go to the inbox and not the spam folder.
DMARC is one helpful deliverability tool you have at your disposal, but many other factors also contribute to where your emails land. (For instance, things like your domain and IP reputation, the content of your messages, and how many people have marked your prior emails as spam.)
Do I need to set up DMARC if I have a gmail.com email address?
You do not need to set up DMARC for your gmail.com address… because you can’t.
In order to set up DMARC, you need to be able to access your domain name’s DNS records. You don’t have access to gmail.com’s records, since Google owns that domain name. And they already have SPF, DKIM, and DMARC set up.
What if I don’t control my own domain name?
You might not be able to access the DNS records for your domain name. (Example: Maybe you work for a company and send emails through them.)
In that case, if you don’t have a DMARC policy in place, you’ll need to talk to someone to have them set that up. That might be an IT person or another administrator; really, whoever’s in charge of the domain.
Now let’s cover how to set up DMARC.
Step 1: Testing Whether SPF/DKIM Are Set Up for Your Domain
A DMARC policy doesn’t stand alone; it needs a SPF or DKIM record in place for mail servers to utilize it.
That means our first step is going to be determining whether or not you already have SPF/DKIM in place — and if not, setting up one of them.
GMass has a free email analyzer tool where you can check out whether you have SPF and DKIM records for your domain. (And while we’re in there, we’ll also check if you have DMARC set up already too.)
Head over to the email analyzer, then copy the test address it provides.
Go to your email account and send an email to that address.
It should only take a few seconds for GMass to process your email and show you everything going on behind-the-scenes with your sending process.
You can see whether you have a valid DKIM signature in the Headers section…
If you have an SPF record, that will be in the SPF section…
And you can see if you have a DMARC record in place in the DMARC section…
…or not.
Why do I have a DKIM record in place when I know I’ve never set one up?
If you have a DKIM record in place and you know you’ve never gone through this process, it’s likely the default DKIM record Google uses for Google Workspace accounts.
You should still set up your own so you can achieve DKIM alignment with DMARC.
Setting up SPF or DKIM for your domain
We’ve published quick guides on adding SPF and DKIM records for your domain.
Either one will take about five minutes, assuming you have access to your domain’s DNS records at your registrar or host.
- Here’s the guide to set up SPF
- And here’s how to set up DKIM
If you’re choosing one or the other, we recommend DKIM because it’s easier to pass DMARC alignment with DKIM.
We explain why in our article on using GMass’s special DKIM settings (which you’d use if you were sending emails in GMass using a SMTP service, otherwise don’t worry about it).
Once you have your SPF or DKIM policy in place, you’re ready to set up DMARC.
Step 2: Create Your DMARC Record
A DMARC policy is usually just one line of text — a line you do not have to write yourself.
I use a site called the DMARC Record Wizard to create my DMARC records. There are plenty of other DMARC generators out there if you just have to do something different.
Our recommended settings:
- For the type of DMARC policy, select the “nothing yet, just collect data” option.
- For the reporting email address, enter a general address at your domain.
- You do not want to receive individual failure reports.
- We recommend relaxed alignment for both DKIM and SPF.
- You can say no to subdomains.
- Apply to 100 percent of email.
The tool should spit out a result that looks quite a bit like this:
That’s all you need; you’re now ready to set up the policy for your domain.
Step 3: Adding Your DMARC Policy Record to Your Domain
In order to set up your DMARC policy for your domain, you’ll need to be able to add a Domain Name System (DNS) record.
Since you’re a beginner, it’s most likely that you’ll edit your DNS records at your domain registrar (e.g., GoDaddy, Namecheap, and the rest).
If you log into your account at your registrar, attempt to edit the DNS records for your domain, and they tell you the records are managed elsewhere, it could be your web hosting company. (There are also third-party DNS management platforms, but it’s much less likely you’re using one of those.)
For this example, I’m going to show you how to create your DMARC record at your domain registrar.
How to create your DMARC record at your domain registrar
I’ll demonstrate how to create the record at GoDaddy. If you’re using a different registrar, it won’t look exactly like this but the basics are the same: Go to your domain, find the section with its DNS settings, add a record.
First, log into your domain registrar, then go to your domain.
Go to the DNS management options for the domain, then find the link or button to add a new record.
Now enter these settings:
- Type: TXT
- Name/Host: The result you got from the DMARC creation wizard, labeled Target/Host/Location
- Value: The result you got from the DMARC creation wizard, labeled Your DMARC Record Is
- Time-to-Live (TTL): 1 hour or 3600 seconds
Then save the record.
Now when you scroll through the list of DNS records for your domain, you should see your new TXT record.
It will take up to 48 hours for the DNS changes to propagate. It usually doesn’t take that long — in my experience, usually everything is set in a few hours.
After you’ve waited at least a few hours, you can run that GMass email analyzer again to check if your new DMARC record is now up and valid.
How to Set Up DMARC: Next Steps
You have now successfully set up a DMARC policy for your domain.
If you’re a bulk sender, that’s a required step to stay compliant with Google and Yahoo’s new policies. But even if you’re not a bulk sender, you’ve taken a smart and helpful step toward better deliverability and email security.
And because I know you’re hot on deliverability…
If you’re not a GMass user yet, 99% of GMass users report the best deliverability they’ve ever had.
GMass has an entire suite of deliverability tools, including the unique Spam Solver, to help make sure your messages get to your prospects and don’t wind up in their spam folders.
You can get started with a free trial of GMass by downloading the Chrome extension — there’s no credit card required.
GMass works right inside of Gmail, which makes it easy to use (there’s no new software platform to learn) and you can test it out by sending up to 50 emails per day during your free trial.
Send incredible emails & automations and avoid the spam folder — all in one powerful but easy-to-learn tool
TRY GMASS FOR FREE
Download Chrome extension - 30 second install!
No credit card required
kwojbiMOzePdUrlD
JVXGFhSZ