How to Configure DMARC Monitoring with InboxAlly
Learn how to set up and manage DMARC monitoring using InboxAlly.
Written by Eric Benson
Updated at February 7th, 2024
Introduction to DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to improve and ensure the integrity of email communication.
Understanding DMARC Records
A DMARC policy is published in the form of a TXT record in the DNS records for a domain. This TXT record contains the policy that defines how email receivers handle messages from your domain that do not have valid SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records.
Setting Up InboxAlly DMARC Monitoring
Step 1: Generate a DMARC Record
To initiate DMARC monitoring, you will need to generate a DMARC TXT record for your domain. InboxAlly simplifies this process through its user-friendly platform.
- Log into your InboxAlly account and navigate to the "DMARC Analytics" pane
- Select your verified domain from the list presented.
- Click on "Generate DNS Record" to create your default DMARC TXT record. A record will be produced, resembling:
v=DMARC1; p=none; rua=mailto:xxxx@yyyy.com; sp=none; ri=86400; pct=100; adkim=r; aspf=rHere is a breakdown of what each tag means:
| Field | Description |
|---|---|
| v=DMARC1 | This indicates the DMARC version in use. |
| p=none | This is the DMARC policy. In this case, 'none' specifies a monitoring mode where no action is taken on non-compliant messages. |
| rua=mailto:xxxx@yyyy.com | This specifies the email address where aggregate reports should be sent. |
| sp=none | This is the subdomain policy, which matches the main domain policy here. |
| ri=86400 | This defines the interval for reports in seconds. Here, it's set to once every 24 hours. |
| pct=100 | This indicates that the DMARC policy applies to 100% of email messages. |
| adkim=r | This defines the alignment mode for DKIM, which can either be 'r' for relaxed or 's' for strict. |
| aspf=r | Like `adkim`, this defines the SPF alignment mode, which can also be 'r' for relaxed or 's' for strict. |
Step 2: Publish the DMARC Record
Once you have your DMARC record:
- Access the DNS management console for your domain. This is usually where you bought your domain name, such as GoDaddy, Namecheap, or your hosting provider.
- Navigate to the section where you can add new DNS records
- Create a new TXT record with the following attributes:
- Host/Name: _dmarc.yourdomain.com (replace yourdomain.com with your actual domain name).
- Value: Paste the full DMARC TXT record generated by InboxAlly
- Save or publish the new record.
Step 3: Start Monitoring
After the DMARC record is published, it could take up to 48 hours to propagate throughout the internet. Once active, ISPs (Internet Service Providers) that support DMARC will begin sending compliance reports to the email address specified in your DMARC record. InboxAlly will start receiving these DMARC reports and aggregate the data for analysis.
Analyzing DMARC Reports with InboxAlly
Understanding the Summary Report
InboxAlly’s dashboard provides you with a comprehensive summary of your email channels' compliance status.
Here's what you can expect from the summary report:
- Compliant Sends: Shows the daily volume of emails from your domain that passed DMARC (i.e., emails that were properly aligned with both SPF and DKIM).
- SPF / DKIM Non-compliance: Indicates the number or percentage of emails failing SPF and/or DKIM checks, which are important qualifiers for DMARC compliance.
In order to dive deeper into non-compliance issues, you have the ability to inspect the details of individual reports within InboxAlly's interface.
Interpreting Raw Data Reports
For an in-depth analysis, InboxAlly also provides parsed raw data from the DMARC reports in an easy-to-view format.
Here's how to interpret this data:
- Source IP: This field identifies the IP address from which the email was sent. You can use this information to pinpoint the geographical source and potentially identify unauthorized senders.
- Reporter: The ISP who sent the report
- Country: The country of the source IP
- Count: Indicates the number of messages sent from the IP address during the reporting period.
- SPF: Shows whether the SPF check passed or failed.
- DKIM: Similarly, this column shows whether the DKIM check passed or failed.
- Alignment: Reflects whether the message's From domain aligns with the SPF and DKIM domains. This plays a part in determining the overall DMARC compliance.
The key is to look for any discrepancies or patterns that indicate unauthorized use of your domain. For example, if you see a source IP that you do not recognize, it may be an indication of spoofing or abuse.
Ongoing Management
Implementing and monitoring DMARC with InboxAlly is a crucial step towards securing your email ecosystem. It helps you identify and mitigate issues that could damage your brand's reputation and the trust of your recipients.
Ongoing management includes reviewing DMARC reports regularly, keeping your policies up-to-date, and gradually moving from 'none' to 'quarantine' to 'reject' to enforce stronger security measures over time.
By thoroughly understanding and acting on the data provided by InboxAlly, you're not only contributing to the safety of your own communications but also helping to uphold the integrity of email as a trusted communication platform for everyone.