Target
Customers who have not configured DMARC records for the mail domains used in HENNGE Email DLP are the targets.
Purpose
The purpose of publishing DMARC records is to implement protection measures against impersonation and phishing, and to prevent emails from being classified as spam.
In addition, the guidelines published by Google state that for senders who send more than 5,000 emails per day to Gmail accounts, along with registering SPF records and setting up DKIM signatures, publishing DMARC records is also a requirement, to ensure compliance with this.
Precautions
1. It is recommended to work on all custom domains that use email.
2. Prior registration of SPF records and configuration of DKIM signatures are required.
3. HENNGE cannot access customers' network DNS settings, so it may be necessary for customers' domain administrators / domain service providers to complete this process.
4. The settings described in this help center are the minimum required DMARC settings to comply with the guidelines published by Google.
Detailed Steps and Explanation
1. Publish the following DMARC records for the customer's domain DNS.
Name of TXT Record
_dmarc.
※ Depending on the DNS service, the trailing period "." may not be necessary. If so, please try removing the period and registering.
※ The method for adding TXT records on DNS servers varies by server. Please check with your DNS server provider for details.
Value of TXT Record
v=DMARC1; p=none
※ "p=none" is the definition to deliver emails as they are when authentication fails. As per the guidelines published by Google, the setting up to "p=none" is listed as the minimum requirement.
Example Configuration:
v=DMARC1; p=none; rua=mailto:dmarc@example.com
※ Tags like "rua" are not mandatory.
※ For the meaning of each tag, please refer to sites like Google's site.
2. Open Command Prompt (Windows) or Terminal (Mac OS), execute the command, and confirm that the value of the set TXT record is displayed.
nslookup -type=TXT _dmarc.<additional-domain>
C:\Windows\system32>nslookup -type=TXT _dmarc.<additional-domain> | grep DMARC
TXT="v=DMARC1; p=none; rua=mailto:dmarc@example.com"
dig _dmarc.<additional-domain> txt | grep DMARC
dig _dmarc.<additional-domain> txt | grep DMARC
_dmarc.<additional-domain>. 1800 IN TXT "v=DMARC1; rua=mailto:dmarc@example.com"
Frequently Asked Questions
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a defense mechanism that determines if the sender address displayed in an email has been impersonated or not. It is one of the email domain authentication technologies, which, based on the authentication results of SPF and DKIM, further verifies the sender address displayed in the email header (From), preventing impersonation and ensuring that emails are sent from trusted domains.
DMARC policies can also determine the handling of emails after SPF and DKIM records have been validated.
What is a DMARC record?
A DMARC record is used to register a domain's DMARC policy. DMARC records are published (registered) in DNS as DNS TXT records.
How can I strengthen a DMARC policy?
Please refer to the following article.
Regarding strengthening DMARC policy
Reference Sites
・Guidance on Google's New Email Sending Policy
・DMARC Record Checker (External Site)