How to set up DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an e-mail authentication method designed to help reduce e-mail abuse, such as spam. It builds upon the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication methods to provide e-mail senders and recipients a more reliable way to exchange messages.

You can use cPanel's DNS Zone Editor to add DMARC settings to your DNS records. You can also use cPanel to configure your mailing lists to be compatible with DMARC.

Configuring a DMARC TXT record in DNS

To enable DMARC for your domain, you must add a TXT record to your domain's DNS entries that contains the DMARC configuration data. To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the Zone Editor:
    • If you are using the Jupiter theme, on the Tools page, in the Domains section, click Zone Editor:

      cPanel - Domains - Zone Editor icon

    • If you are using the Paper Lantern theme, in the DOMAINS section of the cPanel home page, click Zone Editor:

      cPanel - Domains - Zone Editor icon

  3. Locate the domain you want to configure, and then click Manage.

    Usually, this is your primary domain.
  4. Click the down arrow icon next to Add Record, and then click Add TXT Record.
  5. In the Name text box, type _dmarc.

    When your cursor leaves this text box, cPanel automatically adds the domain name to _dmarc, for example, _dmarc.example.com.
  6. In the TTL text box, type 14400.
  7. In the Type list box, select TXT.
  8. In the Record text box, type the DMARC configuration line.

    DMARC is not yet a fully standardized protocol. As a result, different providers handle DMARC policies in different ways. You may have to experiment with various DMARC configurations to find the one that works best for your domain. Here are some example DMARC configurations:

    • Enable DMARC “monitor mode”. With this configuration enabled, the specified e-mail address (in the mailto setting) receives daily reports from providers regarding how many messages were received, and whether or not they passed policy checks:
      v=DMARC1;p=none;rua=mailto:[email protected]
    • Instruct the recipient to quarantine all messages (100%) that do not pass policy checks:

      v=DMARC1;p=quarantine;pct=100;
    • Instruct the recipient to reject half of all messages (50%) that do not pass policy checks. The remainder should be quarantined:

      v=DMARC1;p=reject;pct=50;
  9. Click Add Record. cPanel adds the TXT record for DMARC.
Testing the new DMARC DNS record

After you add the DMARC TXT record and allow time for DNS propagation, you should test that the record is correctly configured. Follow the appropriate procedure below for your computer's operating system.

Microsoft Windows

If you are using Microsoft Windows, type the following command at the command prompt:

nslookup

At the nslookup > prompt, type the following commands. Replace example.com with your own domain name:

set type=txt
_dmarc.example.com

You should see output that resembles the following (the exact text varies based on your own settings):

_dmarc.example.com       text =
     "v=DMARC1;p=none;rua=mailto:[email protected]"
Linux and Mac OS X

If you are using Linux or Mac OS X, type the following command at the command prompt. Replace example.com with your own domain name:

dig +short txt _dmarc.example.com

You should see output that resembles the following (the exact text varies based on your own settings):

"v=DMARC1\; p=none\; rua=mailto:[email protected]"
The backslashes are not part of the actual TXT record. They are an escape sequence added by the dig command.

Configuring mailing lists (mailman) for DMARC

If you administer a mailing list, you may encounter problems such as:

  • Mailing list messages are marked as spam.
  • Mailing list messages do not reach recipients at all.

To help improve the likelihood of mailing list messages arriving at their correct destination, you can configure a mailman setting in cPanel to make your list DMARC-compatible with other providers.

To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. Open the Mailing Lists tool:
    • If you are using the Jupiter theme, on the Tools page, in the Email section, click Mailing Lists:

      cPanel - Email - Mailing Lists icon

    • If you are using the Paper Lantern theme, in the EMAIL section of the cPanel home page, click Mailing Lists:

      cPanel - Email - Mailing Lists icon

  3. Under Current Lists, locate the mailing list you want to configure, and then click Manage. The mailman General Options page appears.
  4. Under General list personality, locate the Details for from_is_list setting.
  5. You will probably need to send some test messages to determine the optimal setting for your mailing list:

    • Try the Wrap Message option first, click Submit Your Changes, and then send some test messages.
    • If the messages are rejected by the recipient or marked as spam, try the Munge From option, and then click Submit Your Changes.
    The Wrap Message option wraps the message with a From: header indicating the mailing list (not the actual poster). The Munge From option rewrites the From: header by replacing the poster's address with the mailing list's address.

More Information

To view the official DMARC web site, please visit http://dmarc.org.

Get Email Hosting

Article Details

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.