DMARC defines a policy for how to handle email messages that fail DKIM and SPF authentication. This article explains more about DMARC and how to use DMARC with WordFly.
You should get help from your IT team or IT consultant whenever making changes/updates to your DNS.
DMARC changes for 2024
|
How to set up DMARC
You have two options for setting up your DMARC record depending on which domain your WordFly messages use for DKIM signing.
Option 1 //
If you use your From address domain for DKIM signing...
FOLLOW THESE STEPS NOW
|
LATER: FURTHER OPTIMIZE DELIVERABILITY & PROTECT YOUR DOMAIN
If you haven’t already, work toward DMARC enforcement to protect your sending domain by setting a stricter policy. Do not take this step until you’ve confirmed that all mail streams for your From name domain are passing DMARC.
Option 2 //
If you use wordfly.com for DKIM signing...
FOLLOW THESE STEPS NOW
|
LATER: FURTHER OPTIMIZE DELIVERABILITY & PROTECT YOUR DOMAIN
Email us to start DKIM signing your WordFly emails using the domain used in your From address. Use a DMARC policy of p=none until you’ve confirmed that all mail streams for your From name domain are passing DMARC. Then, work toward DMARC enforcement to protect your sending domain by setting a stricter policy.
How do I know what domain I am using for DKIM signing?
You can determine which domain you are using for DKIM signing by viewing the email header in a message sent from your WordFly account. Search in the header for the “Signing-Domain” line.
Signing-Domain examples
Signing-Domain: mctommersoncenter.org
Signing-Domain: wordfly.com
Alternatively, you can search for the `d` attribute within the “DKIM-Signature” line. This line identifies which domain signed the message. The Signing-Domain and the `d` attribute will always match.
DKIM-Signature example
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wordfly.com; s=wordfly02; t=1704841509; bh=2Rg8kkpI7BDhWGhmULttCPujqZbhVUHeB8MFQ=; h=Message-ID:From:To:Date:Subject:Content-Type; b=MiQgVWKYlfUElGDMMmn0gL7QaYomkLRbZAPkFQQWw2gQhQqz+J96Tc2dis36MC
EHk7HIKPn5KQ2dkI/uBN/covFDQOe8Nq5Y83UyrsiP+MRwu8PgQ
How to view the email header →
How to create a DMARC record
If you have not yet published a DMARC record, you can use this tool from dmarcian to help you create one. To create a basic record for getting started with DMARC, you just need to complete the first three steps.
-
Enter your sending domain
-
Specify your policy
Select the ‘Nothing yet, just collect data’ option. This will set a policy of `none`. You should always start with a policy of `none` even if you are working toward a stricter policy. Any other policy will create delivery issues for your WordFly messages. This will allow you to monitor your mail to determine when you are ready to apply a stricter policy. -
Specify an address for your aggregate reports
You should always specify a recipient for aggregate reports so you can monitor DMARC compliance and issues. ValiMail Monitor is a free monitoring service that can help with this. -
Move through the remaining steps 4-7 using the supplied default settings
-
The wizard will generate the syntax for the txt record that you need to publish in your DNS.
DMARC record syntax
Version (v) |
The v tag is required and represents the protocol version.
|
Policy (p) |
The policy tells receivers what to do with messages that fail email authentication.
If you are signing with your own domain *and* you’ve confirmed that all mail streams for your From name domain are passing DMARC, you can set a stricter policy.
|
RUA Report Email Address (rua) |
The rua tag specifies where monitoring reports should be sent. Valimail Monitor is a free monitoring service that can be used to collect and analyze DMARC reports.
|
More resources
The Ins and Outs of DMARC Monitoring