NOTE - The exact logic for where you add this (on your Domain or Hosting) can be confusing - so always check with your Domain and Hosting. DMARC wont work properly if your SPF and DKIM aren't set up first. So check - check - check.
Thank you so much, I didn't even know that this was a thing that was happening! For those wondering, this needs to be done once per domain, even if you have multiple emails. The email you put in your DMARC is where you'll get your reports. Also for those copy/pasting the code from the description, make sure to put "reject" or "quarantine" because in that bit he put the neutral "none" which is the worse option and won't protect you.
Mostly good info here, but a bit sloppy on where this is to be done. Clearly it’s a DNS change so it must be done in your domain’s active DNS zone - which is where your Name Servers point… which could be where your domain name is hosted/registered, or where your website is hosted, or neither.. perhaps Cloudflare.
Just an example reinforcement v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:report@yourdomain;ruf=mailto:failure@yourdomain P → Policy for the domain SP → Policy for subdomains ADKIM and ASPF → Alignment "r" for relaxed, meaning passes if the domain is an exact match PCT → Percentage of messages to which the DMARC policy is applied FO → Failure options, "0" means a report is generated only if both SPF and DKIM checks fail RF → Format of the failure report RI → Reporting interval, "86400" is once per day RUA → For sending aggregate reports, which provide an overview of message volume and authentication status RUF → For sending failure reports, which provide details on specific messages that failed DMARC checks
Thank you Imran, great topic! I've been tweaking SPF, DMARC and DKIM for all my clients for the last 2 months. I think it's really really important for the ecosystem, to prevent spoofing (this was my primary goal) and overall to improve the quality of mail (as a medium).
It's tricky to be sure. Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
Very informative, going to log into my SiteGround account and do this now. Thank you!! Woohoo! I get the first comment on a Web Squadron vid! I'm chuffed! 🤣
And if my client doesn't want to receive those DMARC reports, should I remove their email address from the RUA tag at the end? Will it work without admin email at the end?
You're telling people that the 'p=none' option is the worst option, and that you use the reject option, however, open checking your records at the time of this comment, you are using 'p=none'. Any reason for this?
ok, i tried many times to copy/paste the text I've used, but youtube won't let the comment appear. Is there an alternate method of displaying it to you?
It's one of those pains that makes me want to offload all legacy hosting clients asap as it removes the fun of web designing. PS: Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
Awesome thanks for lettings us know about this. I am a little bit confused because you mentioned that reject is probably the best option and none is the worst but siteground article recommends to start with none and then gradually move to others.
I know what you mean. The emailaddress that you have to fill in, in the record is just for reporting. It does not mean that this DNS dmarc setting is only applied to this email.
Peter, the whole video is six and a half minute. If that's too long for your attention span, you need serious help. Also, the context in the beginning of the video was very helpful.
@@atlibjarna the information you need from this video has less than 60 seconds of the whole content. Everything else is waste of time. Maybe you like wasting your time. I don´t