DMARC Tutorial - How to set up DNS DMARC record | Protect Your Domain

Captions
Welcome back. In this tutorial we're going to cover what DMARC is, why you need it and how to implement it. If you own a domain, it's very important that you have all three DKIM, DMARC and SPF records set up in your DNS to prevent email spoofing and to prevent your emails from being marked as spam. Finally, I will show you how to obtain your free aggregate report and your free forensic report so you can monitor all the emails that are sent on behalf of your domain. This is a DNS course, so you should be comfortable adding DNS records in your domain, such as the TXT records. Before we get started, don't forget to subscribe to our channel to stay up to date with our latest training videos.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. DMARC was first published in 2012. It's a protocol built by Google, Microsoft, Yahoo and PayPal to prevent email abuse. It is supported by all major mail service providers, if not all. DMARC is used to determine the authenticity of an email message. It lets you control who can send email using your domain and allows you to set various instructions for the receiving email server.

To get started with DMARC you must have both your SPF and DKIM records set up for your domain. Once you have both your email SPF and DKIM records set up, then you can add a DMARC record to your DNS. It's basically a text record. It includes instructions for the receiving email server on how to handle mail sent under your domain that does not align with your policies. You can also instruct the receiving email server to send you both an aggregate report and a forensic report.

Your DMARC aggregate report contains information about the authentication status of messages sent on your domain's behalf. Aggregate reports are free reports that are sent to you and contain information such as the source that sent your emails, the domain name that was used to send messages, sending IP addresses, the number of messages sent on a specific date, the DKIM/SPF authentication result and finally your DMARC results.

DMARC forensic reports are generated when the SPF or DKIM do not align with your DMARC. Forensic reports are free reports that are sent to you only when an email that is sent by your domain fails DMARC authentication. It contains information such as the email To field, the email From field, the IP address of the sender, the email Subject field, the authentication result, the message ID, URLs, delivery result and the ISP information.

You create a DMARC record by creating a text record for your domain named _dmarc. For example, this is what the value of a DMARC text record could look like. The syntax for a DMARC record is basically a combination of tags separated by semicolons. At the bare minimum your DMARC record should look something like this.

The v tag specifies the DMARC protocol version. There is only one DMARC version available, which is DMARC1. This is a required field, so you should always have it included in your DMARC record.

The p tag allows you to specify how you want mail service providers to handle emails that are sent using your domain identity but are not aligned with your policy. You have three options: do nothing, or you can quarantine or reject the email. I highly recommend you set it to reject the email to prevent anyone from sending emails using your domain name. Both the v and the p tag are required.

Now we will cover all the other optional tags. The sp tag is an optional tag similar to the p tag. It allows you to specify your policy, but for subdomains on your domain name. If you don't include this, then the value inside your p tag will be used.

The pct tag is an optional tag. It allows you to specify the percentage of email messages to which your stated DMARC policy applies. The values can be anywhere from one to a hundred percent. I always recommend you set this field to a hundred percent. This tells the email receiver to reject 100 percent of emails that fail DMARC authentication.

The rua tag is also an optional tag. It allows you to specify an email address or addresses to receive the DMARC aggregate feedback reports. I cannot emphasize how important it is to have this field set up. Even if your domain does not send emails, you should always set this record so you can get insights into domain spoofing or phishing attacks that impersonate your domain. You can specify multiple emails by separating them with a comma. I always recommend you have this tag set. The value of the rua tag can be any valid email address.

The ruf tag is also an optional tag. It's like the rua tag, but allows you to specify any email address or addresses so you can receive your DMARC forensic reports too. I always recommend you have this tag set as well, even if your domain is not sending emails. The forensic reports are sent to you when someone attempts to send an email impersonating your domain and it fails your DMARC and DKIM authentication. It instructs the email service providers to send you a copy of the email that was sent.

The fo tag is also an optional tag. It allows you to tell email service providers that you want email samples if the email failed. You have four options. The zero value generates the report if all authentication mechanisms fail; this means your SPF and DKIM policy fails. You can also set it to 1, which generates reports if any of your authentication mechanisms fail, SPF or DKIM. So the zero one was only if both of them fail, the one if either of them fail. The third option is the d value, which basically generates reports only if your DMARC failed. Then you have the s value, which generates reports if your SPF fails. You can specify multiple values by separating them with a colon. I personally recommend you set the fo tag to 1 so you can receive a copy of any email sent on your behalf that fails either SPF or DMARC authentication.

The aspf tag is an optional tag. You can use this to specify if you want to set your SPF policy to strict or relaxed. By default, if you don't include this option, it's always strict, which is your best option. Remember guys, your SPF policy basically makes sure all emails sent using your domain are authorized to send emails. We also have the adkim tag, which is identical to the aspf tag but it's for your DKIM policy.

The rf tag is an optional tag. This tag allows you to specify the DMARC forensic report format. There is only one value, which is afrf. This is used by default. You shouldn't really need to include this tag, but maybe in the future there could be more report types.

The last available tag you could use is the ri tag. This is also an optional tag. The ri tag allows you to specify the aggregate report interval in seconds. The minimum and default value is 86400 seconds, which equates to 24 hours. This means every 24 hours you will receive a DMARC aggregate report. I recommend you keep it set to the minimum.

Once you have set up your DMARC values, let's go ahead and validate it. The best way to do it is to go to Google and search for "dmarc validator", and you should be able to see there's a result for MXToolbox, but any of these will work. MXToolbox has a really good tool. Let's go ahead and search for a domain. I have set up my DMARC records for my own domain, and if you did it correctly you should be able to see your DMARC values here, and you should see that you have no errors.

Thank you for watching. If you found this tutorial useful then I would appreciate it if you hit that like button. Otherwise, make sure you subscribe to our channel to stay up to date with our latest training videos. If you have any questions, feel free to post them in a comment below, and we'll see you in the next video.
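
The tag syntax walked through in the captions can be checked offline before a record is published. The following Python is an added example, not code from the video or its author: `parse_dmarc`, the sample records and the `example.com` addresses are constructed for illustration, and the defaults applied to omitted tags are those of RFC 7489.

```python
import re

# Defaults per RFC 7489 section 6.3; "sp" falls back to "p" when absent.
DEFAULTS = {"adkim": "r", "aspf": "r", "fo": "0", "pct": "100",
            "rf": "afrf", "ri": "86400"}
POLICIES = {"none", "quarantine", "reject"}
MAILTO = re.compile(r"mailto:[^@\s,;!]+@[^@\s,;!]+(![0-9]+[kmgt]?)?", re.I)


def parse_dmarc(txt):
    """Return (effective_tags, problems) for the value of a _dmarc TXT record."""
    tags, problems = {}, []
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for part in parts:
        name, sep, value = (s.strip() for s in part.partition("="))
        if not sep or not name or not value:
            problems.append(f"malformed tag {part!r}")
        elif name in tags:
            problems.append(f"duplicate tag {name!r}")
        else:
            tags[name] = value
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        problems.append("p is required: none, quarantine or reject")
    if "sp" in tags and tags["sp"].lower() not in POLICIES:
        problems.append("sp must be none, quarantine or reject")
    for name in ("adkim", "aspf"):
        if tags.get(name, "r").lower() not in ("r", "s"):
            problems.append(f"{name} must be r (relaxed) or s (strict)")
    pct = tags.get("pct", "100")
    if not (pct.isdecimal() and int(pct) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    if not tags.get("ri", "86400").isdecimal():
        problems.append("ri must be a number of seconds")
    if not set(tags.get("fo", "0").lower().split(":")) <= {"0", "1", "d", "s"}:
        problems.append("fo values must be 0, 1, d or s, separated by ':'")
    for name in ("rua", "ruf"):
        for uri in filter(None, tags.get(name, "").split(",")):
            if not MAILTO.fullmatch(uri.strip()):
                problems.append(f"{name} entry is not a mailto: URI: {uri.strip()!r}")
    effective = {**DEFAULTS, "sp": tags.get("p", ""), **tags}
    return effective, problems


# Constructed sample records (example.com is a placeholder domain).
GOOD = ("v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-agg@example.com; "
        "ruf=mailto:dmarc-forensic@example.com; fo=1")
BAD = "p=reject; v=DMARC1; pct=150; rua=dmarc@example.com; fo=1:x"
```

Running `parse_dmarc(BAD)` reports the misplaced version tag, the out-of-range pct, the unknown fo value and the rua address that lacks the `mailto:` scheme.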
Info
Channel: AHT Cloud
Views: 358
Id: zfcUzaLqRM0
Length: 10min 45sec (645 seconds)
Published: Sat Oct 16 2021