Setup of DMARC policies
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It’s an email security policy that allows you to create rules that will protect your customers from ill-intended emails that pretend to be emails from your company.
Not all businesses need DMARC. For example, if you rely heavily on sending marketing emails via Mailchimp or any other email marketing service, you better set up DMARC.
To enable DMARC, you will need to add extra DNS records and settings to your account in your domain registrar.
How does DMARC work
When your email domain has DMARC security policy, that allows you to specify rules for how your emails should be handled by receivers. DMARC checks all emails you send to clients for compliance with rules you pre-established. For example, you set the rule that your emails are sent from specific IP-addresses. When a spammer tries to send an email allegedly on behalf of your company, but from another IP address, that email won’t pass the verification check and won’t reach your client’s inbox.
To sum it up, here’s what DMARC does when added to your domain:
Protects your customers. DMARC verifies emails sent from your domain, preventing your clients from forged emails (this is called “spoofing”) or emails with links that lead to fake websites to steal personal data (this is called “phishing”).
Sends you feedback about emails. You will receive stat reports on how many emails got error reports or failed verification due to malice activities. The reports help investigate technical problems with digital signatures and spoofing attempts.
Allows you to send dynamic emails. Emails with various dynamic content like videos, gifs, etc. can be sent with DMARC only.
To learn more about DMARC and how it works, read the detailed explanation from our partners from the Postmark mailing service.
Adding DMARC for your domain
To set up DMARC you need to adjust some DNS settings in your custom domain.
In a nutshell, you will need two protecting mechanisms:
- DKIM (Domainkeys Identified Mail) that authenticates emails with help of a secret key;
- Return-Path, which indicates the email address where bounced messages are delivered and ensures that messages come from an authorized server for your domain.
DKIM and Return-Path records are generated for each domain individually, so you will need to contact Ecwid support to get them. The support team will provide you with further details on how to make adjustments in your domain DNS settings.