How to Set Up a DMARC Record in Microsoft 365

4.8
How to Set Up a DMARC Record in Microsoft 365

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a technique that helps receivers verify the authenticity of emails..

what is dmarc ?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a technique that helps receivers verify the authenticity of emails sent from your domain. With DMARC, you can specify who at your organization is authorized to send email on behalf of your domain; this verification includes details on how to handle fraudulent or misdirected email. DMARC is a set of email security technologies that let you keep your email safe from phishing and spoofing scams. In this guide, you'll learn all you need to know to implement DMARC on your domain, and how it protects your business.

DMARC records are published on your DNS as a plain text file, most likely named as “_dmarc.yourdomain.com,” where “yourdomain.com” is your actual domain name.

By using DMARC, you can tell receiving servers what to do with email that fails authentication tests; whether to discard the message, or quarantine it, for example. That way you can protect your domain from spammers and phishers who could use unauthorized email as bait for stealing your customers' data. DMARC (Domain Message Authentication, Reporting and Conformance) is an email authentication system that helps to prevent phishing and spam emails from being delivered to your inbox.

It does this by creating a digital fingerprint for each company and indicating how the receiving server should handle emails from that domain. For example, you might request that emails that have failed the authentication test be quarantined into a spam folder.

A DMARC record is what contains the DMARC policy that informs ISPs (like Gmail, Yahoo!, Microsoft, and other email servers) if a domain is set up to use DMARC. Without a Dmarc Record Generator, it is possible that the emails you send (like when you submit information to a website) can be intercepted and modified by someone who is pretending to be you. A DMARC record provides instructions to help prevent this type of security breach: it tells ISPs if your domain should reject or quarantine emails that fail SPF or DKIM authentication tests. You're probably familiar with Sender Policy Framework and DKIM, which are used to verify that an email is sent from an authorized source. In simple terms, a DMARC policy is a way for domain owners to take action on messages that fail SPF or DKIM checks.

Setting up your DMARC record on Microsoft Office 365

A few notes before you begin

• If you’re using onmicrosoft.com or a consumer address (such as hotmail.com, outlook.com, or live.com), your DKIM, DMARC, and SPF records are already set up for you. However, if you’re using a custom domain, you’ll need to set up these email authentication protocols for your outbound emails.

• Enforcing DMARC means that you need to have SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) set up beforehand.

• To set up DMARC on your custom domain, you need to make sure that your Microsoft 365 account is connected to your domain and verified.

If you're using Office 365, you must have a DMARC record in place to receive mail from external domains. If you do not have one, you should start with the none policy. It lets you enter the monitoring phase to collect data about your email activity without affecting the deliverability of your emails. You can receive DMARC reports to check the configuration of your DKIM records and SPF records and see the sources of your outbound emails.

If you have not created a DMARC record before or are unsure if your current DMARC record is set to a policy that is best for your organization, we suggest you start off with the none policy. It lets you enter the monitoring phase to collect data about your mail flow without affecting the delivery of it. You can receive DMARC reports to check the configuration of your DKIM records and SPF and see sources of your outbound email.

Planning for email security can be hard. It’s tricky to get it right, and you don’t want to get it wrong. The Email Sending Best Practices article is a good place to start. We'll help you learn about DMARC and SPF and Domainkeys Identified Mail, how they work together for more advanced security in your Office 365 spam-filtering policy, how DLP policies work with spam-filtering policies, setting up your own reporting on email activity, and much more.

Microsoft Office 365 provides a way to set up a DMARC record, which allows senders to check whether their messages are delivered and, when the policy is set up to quarantine or reject the message, provide feedback that their email was blocked. This white paper will walk you through how to set up your policy and determine if your organization is ready and able to start using DMARC. Setting up a DMARC record correctly can be challenging.

Further, maintaining a DMARC record requires you to set up and enable DKIM and SPF, adding even more to what you need to do to protect your domain from malicious cyber attacks. To help solve these challenges, we built DMARC into Office 365. As a result, setting up your DMARC policy is easier than ever.