How to configure DMARC
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an e-mail authentication method designed to help reduce e-mail abuse, such as spam. It builds upon the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication methods to provide e-mail senders and recipients a more reliable way to exchange messages.
You can use cPanel's DNS Zone Editor to add DMARC settings to your DNS records. You can also use cPanel to configure your mailing lists to be compatible with DMARC.
Configuring a DMARC TXT record in DNS
To enable DMARC for your domain, you must add a TXT record to your domain's DNS entries that contains the DMARC configuration data. To do this, follow these steps:
1. Log in to cPanel.
2. In the Domains section of the cPanel home screen, click Advanced DNS Zone Editor.
3. Under Select a Domain, select the domain you want to modify.
Usually, this is your primary domain.
4. Under Add a Record, in the Name text box, type _dmarc.
When your cursor leaves this text box, cPanel automatically adds the domain name to _dmarc, for example, _dmarc.example.com.
5. In the TTL text box, type 14400.
6. In the Type list box, select TXT.
7. In the TXT Data text box, type the DMARC configuration line.
DMARC is not yet a fully standardized protocol. As a result, different providers handle DMARC policies in different ways. You may have to experiment with various DMARC configurations to find the one that works best for your domain. Here are some example DMARC configurations:
- Enable DMARC “monitor mode”. With this configuration enabled, the specified e-mail address (in the mailto setting) receives daily reports from providers regarding how many messages were received and whether or not they passed policy checks:
v=DMARC1;p=none;rua=mailto:postmaster@example.com
-
Instruct the recipient to quarantine all messages (100%) that do not pass policy checks:
v=DMARC1;p=quarantine;pct=100;
-
Instruct the recipient to reject half of all messages (50%) that do not pass policy checks. The remainder should be quarantined:
v=DMARC1;p=reject;pct=50;
8. Click . cPanel adds the TXT record for DMARC.
Testing the new DMARC DNS record
After you add the DMARC TXT record and allow time for DNS propagation, you should test that the record is correctly configured. Follow the appropriate procedure below for your computer's operating system.
Microsoft Windows
If you are using Microsoft Windows, type the following command at the command prompt:
nslookup
At the nslookup > prompt, type the following commands. Replace example.com with your own domain name:
set type=txt _dmarc.example.com
You should see output that resembles the following (the exact text varies based on your own settings):
_dmarc.example.com text = "v=DMARC1;p=none;rua=mailto:postmaster@example.com"
Linux and Mac OS X
If you are using Linux or Mac OS X, type the following command at the command prompt. Replace example.com with your own domain name:
dig +short txt _dmarc.example.com
You should see output that resembles the following (the exact text varies based on your own settings):
"v=DMARC1\; p=none\; rua=mailto:postmaster@example.com"
Configuring mailing lists (mailman) for DMARC
If you administer a mailing list, you may encounter problems such as:
- Mailing list messages are marked as spam.
- Mailing list messages do not reach recipients at all.
To help improve the likelihood of mailing list messages arriving at their correct destination, you can configure a mailman setting in cPanel to make your list DMARC-compatible with other providers.
You must have version 11.42.1 or newer of cPanel to change this setting.
To do this, follow these steps:
1. Log in to cPanel.
2. In the Mail section of the cPanel home screen, click Mailing Lists.
3. Under Current Lists, locate the mailing list you want to configure, and then click Manage. The mailman General Options page appears.
4. Under General list personality, locate the Edit from_is_list setting.
5. You will probably need to send some test messages to determine the optimal setting for your mailing list:
- Try the Wrap Message option first, click , and then send some test messages.
- If the messages are rejected by the recipient or marked as spam, try the Mung Fromoption, and then click .
The Wrap Message option wraps the message with a From: header indicating the mailing list (not the actual poster). The Mung From option rewrites the From: header by replacing the poster's address with the mailing list's address.