This article contains information on setting up external domain verification for DMARC, including publishing a DNS record to allow report delivery to another domain and ensuring proper configuration to prevent misuse.
When you set up DMARC for your domain ISPs will start sending reports to the address in your DNS record.
For instance, if you have published a DNS record on "somedomainyouown.com":
v=DMARC1; p=none; rua=mailto:dmarc@corporatedomain.comYou will receive reports for "somedomainyouown.com" on your "dmarc@corporatedomain.com". However, "corporatedomain.com" should be allowed to receive reports for "somedomainyouown.com" to prevent misuse of DMARC. The system which is used for this is called “External domain verification”. "Corporatedomain.com" needs to publish a DNS record to allow this. The record should be published on:
somedomainyouown.com._report._dmarc.corporatedomain.comThe contents of this record must be exactly:
v=DMARC1After setting this up, you’ll start receiving reports on dmarc@corporatedomain.com.
This only applies when you're sending reports to your own addresses. If you're using the custom DMARC Analyzer report address in your DNS record, this will already be configured for you.
Comments
Please sign in to leave a comment.