How to Create a DMARC Record to Protect Your Mail Server’s Reputation

Welcome to Part 4 of our mail server tutorial series on Ubuntu 20.04.

Before diving into DMARC, make sure you’ve followed the previous steps:

  • Installed and configured Postfix SMTP server (Part 1)
  • Set up Dovecot with TLS encryption (Part 2)
  • Added SPF and DKIM authentication (Part 3)

If you’re all set, it’s time to take your email protection one step further with DMARC.


What Is a DMARC Record?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a type of DNS TXT record that tells other mail servers how to handle emails that fail SPF and DKIM checks.

In short, it allows you to say:

“If someone tries to send fake emails using my domain, here’s what you should do — reject, quarantine, or let it through.”

It helps protect your domain from email spoofing, improves deliverability, and enhances your domain’s email reputation.


Do I Need to Configure Anything on My Mail Server?

No server-side configuration is needed if you’ve already set up SPF and DKIM.
All you have to do is add a TXT record to your DNS settings.

So yes, it’s incredibly easy — but powerful.


How to Add a DMARC Record on Cloudflare

Since we’ve used Cloudflare for DNS in previous parts, we’ll continue with that.

The steps are similar to adding SPF or DKIM, only the content is different.

🧾 Steps:

  1. Log in to your Cloudflare Dashboard.
  2. Go to the DNS tab.
  3. Click Add Record.
  4. Choose TXT for the Type.
  5. Set the Name to: _dmarc
  6. Set the Content to: v=DMARC1; p=none; pct=100; rua=mailto:you@yourdomain.com
  7. Click Save.

Explanation of DMARC Parameters

Let’s break down what those values mean:

  • v=DMARC1: Specifies the version.
  • p=none: Tells receiving servers not to take any action (yet) if DMARC fails.
    • You can change this later to:
      • quarantine: Send failed emails to spam
      • reject: Block failed emails entirely
  • pct=100: Apply this policy to 100% of emails that fail DMARC.
  • rua=mailto:you@yourdomain.com: Your email address for receiving DMARC reports from other servers (like Gmail, Yahoo, etc.)

DMARC reports are XML files sent daily showing which messages passed or failed authentication checks.


Recommended Strategy

Start with:

p=none

This allows you to collect reports without affecting email delivery. Once you see stable reports with 100% SPF/DKIM pass rates, you can gradually move to:

  • p=quarantine
  • Eventually, p=reject for full protection

This helps avoid false positives, which sometimes happen due to misconfigured clients or third-party services.


How to Test Your DMARC Record

You can verify your DMARC setup using mail-tester.com.

  1. Go to the website and copy the provided email address.
  2. Send an email to it from your domain using your mail client (e.g., Thunderbird).
  3. Click “Then check your score”.
  4. You should see something like:

✅ Your message passed the DMARC test

If not, double-check your SPF, DKIM, and DMARC values in your DNS.


What’s Next?

After successfully setting up SPF, DKIM, and DMARC, your domain is now much more trusted and secure from spoofing attempts.

See you in the next tutorial!
