How to set DMARC in your Google Workspace?

Hey there! 👋

Setting up DMARC (Domain-based Message Authentication, Reporting & Conformance) is an essential thing to protect your domain from email spoofing and phishing attacks.

What’s DMARC and Why You Need It?

DMARC ensures that your emails are validated via SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). This makes it more difficult for attackers to send bogus emails pretending to be you. You also get reports that help you monitor and enhance your email security. Win-win! 🏆

Step 1: Create Your DMARC Record

Create a DMARC record. You will add This TXT record to your domain's DNS settings.

1. Log in to your DNS provider: This could be where you registered your domain (like GoDaddy, Namecheap, etc.).

2. Find the DNS management section: Look for "Manage DNS" or "DNS Settings".

3. Add a new TXT record: add the following details

   • Name/Host: _dmarc.yourdomain.com (replace "yourdomain.com" with your actual domain).

   • Value: This is your DMARC policy. A basic example looks like this, for your case it will be different.

     cssCopy codev=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none; fo=1

     Let’s break it down:

     • v=DMARC1: Specifies the DMARC version.

     • p=none: This policy means you’re just monitoring (you can change this to "quarantine" or "reject" later).

     • rua=mailto:[email protected]: Where aggregate reports will be sent.

     • ruf=mailto:[email protected]: Where forensic reports will be sent.

     • sp=none: Subdomain policy (same as main policy here).

     • fo=1: Report failures.

Step 2: Update Your DNS Settings

Once your DMARC record is created, add it to your DNS settings.

1. Log in to your domain registrar: Go to where you manage your DNS settings.

2. Add the TXT record: Paste the DMARC record you created into the TXT record section.

3. Save your changes: Don’t forget to hit save!

Step 3: Verify Your DMARC Record

To ensure everything is set correctly, you can verify your DMARC Record

1. Use a DMARC checker: You can use MXtoolbox.com to check your DMRAC. Just enter your domain and check if the DMARC is set correctly

Step 4: Monitor and Adjust Your Policy

Once your DMARC record is live, you’ll start receiving reports. Then you can:

1. Check your reports: Look for emails that failed authentication.

2. Adjust your policy: If everything looks good, you can change your policy from none to quarantine or reject to start blocking fraudulent emails.

Pro Tips! 🧐

• Start slow: Begin with p=none monitoring without affecting your email flow.

• Gradually increase strictness: Move to quarantine and then reject as you gain confidence.

• Review reports regularly: Stay on top of your email security by checking your reports frequently.

Happy Emailing 🥂​