DMARC is an email security standard preventing unauthorized emails from your domain. In Spotler Mail+, check DMARC status under Settings Security Deliverability. If inactive or problematic, request DMARC authentication and forward instructions to your system administrator to update DNS settings. Proper DMARC setup is mandatory for reliable email delivery and must be configured for each sending domain.
What is DMARC?
DMARC, SPF and DKIM are email security standards. By setting this on your sending domain (contact@domain.com) you prevent unauthorized persons from sending emails from this domain. Don't be put off by the technical terms. As a Spotler Mail+ user, it is important that you know that it has been set up. You can leave the setting itself to a colleague or hosting party that manages your domain name. Learn more about its structure and operation in the article What is DMARC?
How do you set up DMARC?
The setup of DMARC consists of three steps:
- Check the status of your domain in Spotler Mail+
- Request DMARC authentication
- Send the instructions to your domain administrator to add the required DNS records
This configuration only needs to be added once per domain.
Before you begin
To set up DMARC, you need a reply address in Spotler Mail+. Read the article: How do I add a reply address?
In addition, someone within your organization must be able to modify DNS settings. This is often a system administrator, hosting provider, or IT department.
Step 1: Check the status of your domain in Spotler Mail+
In your Spotler Mail+ account, open the dropdown menu in the bottom left corner and go to Settings. Next, select the Security tab to access the Deliverability settings.
Here, you will find your reply addresses along with their associated reply domains. Check the DMARC column to see the authentication status of your domain.
Do you have multiple reply domains, like the screenshot above? Then make sure you set up DMARC authentication for each reply domain.
-
Status: Active
If you see a green checkmark, DMARC has been configured correctly and no further action is required. -
Status: A problem occurred
A DMARC configuration is already in place, but Spotler Mail+ has not yet been fully authorized to send emails on behalf of your domain.
Open the instruction page and forward the information to your domain administrator. The missing DNS records need to be added. Under the Content section, you will find the information that needs to be shared. -
Status: No DMARC Authentication
If no DMARC authentication is configured for your domain, continue with Step 2: Request DMARC Authentication.
Step 2: Request DMARC authentication
Go to Settings > Security > Deliverability.
Hover your mouse over the domain, or right-click to open the dropdown menu. Then click Request DMARC Authentication.
A pop-up will appear:
Specify the format in which the DKIM key must be used. We recommend 2048-bit, because the higher the number of bits, the better the DKIM is protected. However, please contact your domain administrator to find out whether 2048 is supported. Next, click on OK.
The status of the reply domain has now been changed to DMARC authentication requested.
You will receive an email with further instructions.
Step 3: Send the instructions to your domain administrator to add the required DNS records
Requesting DMARC authentication requires implementing a number of settings on your own server. Therefore, make sure to forward the instruction email to your domain administrator, to have them set up the DMARC policy for your domain.
Additional instructions system administrator
- Set up DKIM & SPF first. These are the basics for DMARC. Don't forget to also add other sending servers from which you send emails. More information about DKIM and SPF can be found in the instruction email sent to the user who completed step 1 above.
- Then go to: https://dmarc.org/overview/ for next steps. Here you can see the background of DMARC, but also which elements (tags) DMARC can consist of, including an example.
-
Normally it is not mandatory to use all tags that you see in the overview of: https://dmarc.org/overview/. This means you don't have to use the ruf and rua tags. However, we recommend that you do this to avoid problems. By filling these records you will receive feedback to the email address if your domain is suspected of being misused. This way you can take action immediately. So make sure that DMARC looks at least like this:
v=DMARC1; p=none; sp=none; rua=mailto:put your own email address here; ruf=mailto:put your own email address here - Analyze the data and adjust mail flows if necessary.
- DMARC has a policy where you can choose what action should be taken with an email sent from your domain if no DMARC has been set up. Namely "none", "quarantine" or "decline". You can change this as you gain more experience.
Check whether DMARC is set correctly
Does the system administrator notify you that the actions have been carried out? Check on the same page in your Spotler Mail+ account (Settings > Security > Deliverability) whether the correct status is shown, namely: DMARC authentication active.
Frequently asked questions
Yes, if you want to send emails from Spotler Mail+, we require proper DMARC authentication. We do this to guarantee correct delivery. There are receiving parties, such as Gmail and Yahoo, that require DMARC authentication to allow your email to reach their inboxes.
Then there is a chance that a large part of your emails will not be delivered will be delivered to the recipient's inbox. Receiving parties, such as Gmail and Yahoo, can't verify that you're really the one allowed email from the shipping address. They can't rule out that you are a spammer. To protect the recipient from spam, deliver they don't finish the email. This may affect all emails sent from your sending domain will be sent, as you are less reliable happens.
You appear most reliable if you optimize your SPF, DKIM and DMARC settings for all systems from which you send email with your sending domain. Consider, for example, system emails from your webshop. If you have already set up a DMARC record for one of these systems, merge both records. A double DMARC record is not valid.
You need your system administrator to set up DMARC. This is the person who has access to the DNS settings on your domain. Your domain is also the part after the @ sign of your reply address. For example: spotler.nl is the domain of contact@spotler.nl. Often this is a colleague from IT. At some small organizations you have to contact the hosting party directly where you purchase your domain.
Please contact support, they can delete the current authentication so you can configure a new one.
No, this is not necessary. Please set-up DMARC for one Mail+ account and contact support.
Yes, you set SPF, DKIM and DMARC separately for each domain.
In some cases, all settings may appear to be configured correctly and are even confirmed with a green checkmark in Mail+. However, sending can still fail.
This usually happens when an input is technically not fully correct, for example because of an extra space at the beginning or end of a field. The current validation in Mail+ does not always detect this beforehand, which means the error only becomes visible during sending.
We recommend carefully checking all entered fields for unintended spaces or invalid characters.
We are aware that the validation process can be improved so that the pre-check better matches the actual sending validation.