SPF and DKIM are the two most popular phishing protections. To increase security, protection can be extended with the DMARC mechanism.
Domain-based Message Authentication (DMARC) is a mechanism that defines how the mail server should behave when it receives a message that doesn’t pass verification using SPF and DKIM. So in less technical terms. If a message is classified as spam – this mechanism allows you to create a policy on what should happen with such a message. We can define whether such a message is to be quarantined or deleted.
How to implement the DMARC mechanism?
SPF and DKIM mechanisms are already set on our hosting by default, however, in order to set the DMARC mechanism, both protections must be active. To create a DMARC record, log in to cPanel and then go to “Zone Editor”.
Then select the domain you are interested in and select “Manage”
The next step is to add a DMARC record.
Here we can choose one of the defined policies:
None – no policy is selected,
Quarantine – the message is marked as spam,
Reject – the message is rejected by the server.
It is also possible to define optional parameters. Below is a description of what each of them does.
Subdomain Policy – here you set the policy for subdomains.
DKIM and SPF Mode:
Relaxed – not all messages are checked for errors.
Strict – all messages are verified.
Percentage – here we define what percentage of messages should be checked by the server.
Generate Failure Reports When:
All Checks Fail – all checks fail.
Any Check Fails – any check fails.
Report Format – the format in which the report is to be generated.
Report Interval – time between reports expressed in seconds.
Send Aggregate Mail Reports To – send aggregate reports to (enter the e-mail address in this field).
Send Failure Reports To – send failure reports to (enter an e-mail address in this field).
Recommended settings
Below are the recommended settings for a DMARC record:
Policy – Quarantine,
Subdomain Policy – Quarantine,
DKIM and SPF Mode:
strict,
Percentage – 100,
Generate Failure Reports When: Any Check Fails,
Report Format – AFRF,
Report Interval – 86400,
Send Aggregate Mail Reports To – here we enter the e-mail address to which the reports are to be sent,
Send Failure Reports To – leave blank.
- A direct connection between Smarthost and Cloudflare - October 2, 2024
- Why is Redis better than Memcached? - September 16, 2024
- What is DMARC and why should you have it? - July 12, 2023