DMARC Record and Sender Email Address for Ocamba Email


What is a DMARC Record?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps protect your domain from email spoofing and phishing attacks. By using DMARC, you can specify which email servers are authorized to send emails on behalf of your domain and how receivers should handle messages that fail DMARC checks.


Purpose of DMARC

The primary purposes of DMARC are:

  1. Email Authentication: Verifies that the sender’s email address matches the domain it claims to be from.

  2. Security: Prevents email spoofing and phishing attacks.

  3. Reputation Management: Protects the reputation of your domain by ensuring that only legitimate emails are sent.

  4. Reporting: Provides feedback on email authentication failures, allowing domain owners to monitor and improve their email security.


When to Configure DMARC

DMARC should be configured if:

  1. You send a significant volume of emails and want to protect your domain’s reputation.

  2. You want to prevent unauthorized use of your domain in email spoofing attacks.

  3. You need to ensure that your emails comply with security standards required by email service providers and recipients.


Configuring DMARC

To configure DMARC for your domain, follow these steps:


1. Create a DMARC Record

A DMARC record is a TXT record added to your domain's DNS settings. The basic format of a DMARC record is:


_dmarc.example.com.  IN  TXT  "v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"


2. Set the Policy (p) Tag

The p tag specifies how email receivers should handle messages that fail DMARC authentication. You can set the policy to:

  • p=none: Monitoring mode. No action is taken on emails that fail DMARC checks, but reports are generated.

  • p=quarantine: Suspicious emails are moved to the spam or quarantine folder.

  • p=reject: Emails that fail DMARC checks are rejected and not delivered.


3. Configure Reporting

Use the rua and ruf tags to specify email addresses where DMARC aggregate and forensic reports should be sent:

  • rua=mailto\ @example.com: Aggregate reports.

  • ruf=mailto\ @example.com: Forensic reports.


4. Publish the DMARC Record

Add the DMARC record to your domain's DNS settings. This typically involves logging into your domain registrar's DNS management interface and adding a new TXT record with the DMARC configuration.


5. Monitor and Adjust

After publishing your DMARC record, monitor the reports to understand how your emails are being authenticated. Adjust your DMARC policy based on the feedback to achieve the desired level of protection.


Example DMARC Record


_dmarc.ocamba.com.  IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"

This record sets the DMARC policy to quarantine, meaning suspicious emails will be moved to the spam folder. Reports on aggregate data and failures will be sent to the specified email addresses.


Important Considerations

  1. Alignment: Ensure that your SPF and DKIM records are correctly aligned with your DMARC policy.

  2. Testing: Start with a p=none policy to monitor email authentication without affecting email delivery.

  3. Gradual Rollout: Gradually move from p=none to p=quarantine and then to p=reject as you gain confidence in your email authentication setup.

Setting up DMARC for your domain is a crucial step in enhancing your email security, protecting your brand's reputation, and building trust with your audience. Follow the steps outlined above to configure DMARC and monitor its effectiveness through regular reporting.

On This Page