Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to improve and ensure email security by preventing attackers from sending messages with forged sender addresses in your domain.
This article will guide you through the process of creating a DMARC record for your domain in a straightforward, step-by-step manner. This guide is tailored for non-technical users aiming to enhance their email security.
What You Will Need
Before creating a DMARC record, you need:
- Access to your domain's DNS settings. This is typically available from your domain registrar or web hosting service.
- An email address to receive DMARC reports. This could be your existing email or a new one dedicated to receiving these reports.
A DMARC record is a TXT record added to your domain's DNS and includes tags that specify your email authentication policy. Here are some of the basic tags:
- v: Protocol version (always DMARC1)
- p: Policy for organizational domains (none, quarantine, reject)
  - `none`: The domain is not enforcing any policy but will monitor and report on email sources.
  - `quarantine`: Emails that fail DMARC checks will be moved to the spam folder.
  - `reject`: Emails that fail DMARC checks will be rejected.
- rua: Addresses for sending aggregate reports of DMARC failures.
- ruf: Addresses for sending forensic reports of individual failures (optional).
Example: `v=DMARC1; p=none; rua=mailto:yourname@yourdomain.com`
1. Choose Your Policy: Start with a less strict policy (`p=none`) to monitor how your emails are being handled without affecting delivery. Later, you can change this to a more strict policy (`quarantine` or `reject`) based on the insights gained.
2. Specify Your Email for Reports: Decide where you want to receive the DMARC reports (`rua=`). This email should be able to handle potentially large attachments.
3. Construct the DMARC Record: Using the basic format provided in the example above, adjust your DMARC policy. If desired, add additional tags based on your requirements.
Example DMARC Record:
`v=DMARC1; p=none; rua=mailto:dmarcreports@yourdomain.com`
1. Log into Your DNS Manager: Access the DNS management interface provided by your domain registrar or hosting service.
2. Add a New TXT Record: Navigate to the section where you can manage DNS records and choose to add a new TXT record.
3. Enter the Record Details:
- Name/Host/Alias: Often this is `_dmarc.yourdomain.com`.
- Value/Text: Enter the DMARC record you created in Step 2.
- TTL: Set the time-to-live (TTL) as recommended by your host (often 3600 seconds, which is one hour).
4. Save Your Changes: Confirm and save the new TXT record.
After publishing your DMARC record, it’s essential to verify that it’s correctly set up:
1. Use a DMARC Record Checker: Several free online tools let you enter your domain to check whether the DMARC record exists and is valid. A good one is https://mxtoolbox.com.
2. Monitor the Reports: Check the reports sent to the email specified in your DMARC record. These reports will provide insights into which emails are passing or failing DMARC checks and why.
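The record string can also be checked offline, before or after publishing, against the tags described in this guide. The following is an added example, not part of the original guide; `parse_dmarc` and `check_dmarc` are hypothetical helper names, and the check assumes report addresses are `mailto:` URIs as in the guide's examples.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}
MAILTO = re.compile(r"^mailto:[^@\s]+@[^@\s]+\.[^@\s]+$", re.IGNORECASE)

def parse_dmarc(record):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' leaves an empty piece; skip it
        tag, sep, value = part.partition("=")
        pairs.append((tag.strip().lower(), value.strip() if sep else None))
    return pairs

def check_dmarc(record):
    """Return a list of problems; an empty list means the basic tags look right."""
    problems = []
    pairs = parse_dmarc(record)
    tags = {}
    for tag, value in pairs:
        if value is None:
            problems.append(f"'{tag}' has no '=' and value")
        elif tag in tags:
            problems.append(f"tag '{tag}' appears more than once")
        else:
            tags[tag] = value
    # The version tag must come first and its value is case-sensitive.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must start with v=DMARC1")
    policy = tags.get("p")
    if policy is None:
        problems.append("missing p= policy tag")
    elif policy.lower() not in VALID_POLICIES:
        problems.append(f"p={policy} is not none, quarantine or reject")
    # rua/ruf may hold several comma-separated report addresses.
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            if not MAILTO.match(uri):
                problems.append(f"{tag} address '{uri}' is not a mailto: URI")
    if "rua" not in tags:
        problems.append("no rua= address: no aggregate reports will be sent")
    return problems

if __name__ == "__main__":
    # Constructed sample: tags out of order and a report address without mailto:
    for problem in check_dmarc("p=none; v=DMARC1; rua=dmarcreports@yourdomain.com"):
        print("problem:", problem)
```

An empty list only means the string is well formed; it does not confirm that the TXT record is published at `_dmarc.yourdomain.com`, which the online checker in step 1 covers.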
Setting up a DMARC record is an essential step in protecting your domain from email spoofing and phishing attacks. Starting with a monitoring policy allows you to see how emails are being sent on your behalf without immediately affecting email delivery. Over time, adjusting your DMARC policy based on the data in the reports can significantly improve your email security. Always ensure that your DMARC record aligns with your current email practices to avoid legitimate emails being marked as spam or rejected.