Skip to main content
Skip table of contents

OnDMARC Implementation: DNS Configurations Overview

OnDMARC is a DMARC (Domain-based Message Authentication, Reporting & Conformance) solution that helps protect your domain from email spoofing and phishing attacks.

To enable OnDMARC for your domain, you must configure specific DNS records.  By leveraging DMARC, SPF, and DKIM protocols, OnDMARC enables domain owners to authenticate legitimate email sources and block unauthorized use of their domain.

Why DNS Configuration is Important

To enable OnDMARC’s protection and reporting features, specific DNS records must be published for your domain. These records communicate your authentication policies to receiving mail servers and enable OnDMARC to monitor and enforce your chosen DMARC policy.

Required DNS Records

  1. DMARC Record

|| Type || Host/Name || Value Example ||
| TXT | _dmarc.yourdomain.com | v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-forensics@yourdomain.com; fo=1 |

The DMARC record defines your domain’s policy for handling unauthenticated emails and specifies where to send aggregate and forensic reports.

  1. SPF Record

|| Type || Host/Name || Value Example ||
| TXT | yourdomain.com | v=spf1 include:spf.ondmarc.com -all |

The SPF record authorizes OnDMARC (and any other legitimate senders) to send emails on behalf of your domain.

  1. DKIM Record

|| Type || Host/Name || Value Example ||
| TXT | selector._domainkey.yourdomain.com | v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A... |

The DKIM record publishes a public key used to verify the authenticity of emails sent from your domain. The selector and public key are provided by OnDMARC.

Additional Information

  • DNS changes may take up to 48 hours to propagate globally.

  • Only one SPF record should exist per domain; if you have an existing SPF record, update it to include OnDMARC.

  • Ensure the DMARC policy (p=) is set according to your organization’s requirements (options: none, quarantine, reject).

  • OnDMARC provides reporting addresses (rua, ruf) for DMARC reports.

Support

Accurate DNS configurations are essential for complete OnDMARC protection and reporting. These configurations are crucial for safeguarding domains against email threats and guaranteeing the delivery of legitimate mail. 101domain's Solutions Engineers are available to assist with correct configurations and ensure that legitimate mail remains unaffected.

Begin your DMARC journey and learn more about DMARC and our Managed DMARC Compliance Services or contact us today 1.888.982.7940.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close