DMARC Settings in Email

What is DMARC-

DMARC is a DNS TXT record that assists receiving-mail-systems in deciding how to handle emails from your domain that don't pass SPF or DKIM validation.

How SPF and DKIM work together with DMARC

Gmail and Yahoo will require DMARC mandatorily starting from February 2024

Starting from February 2024, Gmail and Yahoo are requiring DMARC for bulk email senders who send over 5,000 emails per day. 

Verify now to prevent email failure.

a. Login to the MSG91 user panel and click on Email.

b. Goto Domains option under the DMARC section.

c. Add your domain using the button at the top right. Then, click the Verify button to verify DMARC.

[Recommended - add your main domain, instead of subdomain. This will set the DMARC policy for all your subdomains too. Ex. your registered domain for sending emails is, add for DMARC, not]

d. Delete the current DMARC record with the type TXT under the Host/Name: _dmarc, if any. Then add a new CNAME record with the provided data. Once done, click on the Verify button.

e. Once published, a DMARC record is employed by receiving-mail-servers (such as Gmail or Yahoo!) to decide the course of action for an email that doesn't pass SPF or DKIM authorization. Go to the Manage DMARC section and choose one of the following actions:

Check the settings below and set them as needed.

A published DMARC record basically serves two purposes:

If the domain has not published a DMARC record, the recipient server makes its own determination if the message should be delivered. Thus, DMARC helps easily identify threat senders, and prevent domain phishing, malware threats and a variety of security concerns by blocking fraudsters.

Suggestions to use DMARC effectively -

  1. Analyse DMARC reports to identify passing, failing or unidentified sources.
  2. Make sure all your known email sources are passing DKIM and SPF and are compliant with DMARC.
  3. After monitoring for a few days, start to Quarantine those email sources that are not DMARC compliant.
  4. If you are able to cover all known sources, the next step is to gradually quarantine (p=quarantine) a portion of traffic (pct=10) and increase it over time. The quarantine will place non-compliant emails in spam/junk folders. Once comfortable, you can pull the trigger on the reject policy (p=reject). This will tell ISPs to discard the non-compliant emails completely, essentially stopping fraud on your domain as long as you control the approved sources.
  5. End goal: set a reject policy to reject any email that is non-compliant with DMARC.

MSG91 DMARC Reports