NOTE - The exact logic for where you add this (on your Domain or Hosting) can be confusing - so always check with your Domain and Hosting. DMARC wont work properly if your SPF and DKIM aren't set up first. So check - check - check.
Thank you so much, I didn't even know that this was a thing that was happening! For those wondering, this needs to be done once per domain, even if you have multiple emails. The email you put in your DMARC is where you'll get your reports. Also for those copy/pasting the code from the description, make sure to put "reject" or "quarantine" because in that bit he put the neutral "none" which is the worse option and won't protect you.
Thank you Imran, great topic! I've been tweaking SPF, DMARC and DKIM for all my clients for the last 2 months. I think it's really really important for the ecosystem, to prevent spoofing (this was my primary goal) and overall to improve the quality of mail (as a medium).
Just an example reinforcement v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:report@yourdomain;ruf=mailto:failure@yourdomain P → Policy for the domain SP → Policy for subdomains ADKIM and ASPF → Alignment "r" for relaxed, meaning passes if the domain is an exact match PCT → Percentage of messages to which the DMARC policy is applied FO → Failure options, "0" means a report is generated only if both SPF and DKIM checks fail RF → Format of the failure report RI → Reporting interval, "86400" is once per day RUA → For sending aggregate reports, which provide an overview of message volume and authentication status RUF → For sending failure reports, which provide details on specific messages that failed DMARC checks
It's one of those pains that makes me want to offload all legacy hosting clients asap as it removes the fun of web designing. PS: Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
Very informative, going to log into my SiteGround account and do this now. Thank you!! Woohoo! I get the first comment on a Web Squadron vid! I'm chuffed! 🤣
Awesome thanks for lettings us know about this. I am a little bit confused because you mentioned that reject is probably the best option and none is the worst but siteground article recommends to start with none and then gradually move to others.
It's tricky to be sure. Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
And if my client doesn't want to receive those DMARC reports, should I remove their email address from the RUA tag at the end? Will it work without admin email at the end?
ok, i tried many times to copy/paste the text I've used, but youtube won't let the comment appear. Is there an alternate method of displaying it to you?
You're telling people that the 'p=none' option is the worst option, and that you use the reject option, however, open checking your records at the time of this comment, you are using 'p=none'. Any reason for this?
I know what you mean. The emailaddress that you have to fill in, in the record is just for reporting. It does not mean that this DNS dmarc setting is only applied to this email.
Mostly good info here, but a bit sloppy on where this is to be done. Clearly it’s a DNS change so it must be done in your domain’s active DNS zone - which is where your Name Servers point… which could be where your domain name is hosted/registered, or where your website is hosted, or neither.. perhaps Cloudflare.
Peter, the whole video is six and a half minute. If that's too long for your attention span, you need serious help. Also, the context in the beginning of the video was very helpful.
@@atlibjarna the information you need from this video has less than 60 seconds of the whole content. Everything else is waste of time. Maybe you like wasting your time. I don´t
NOTE - The exact logic for where you add this (on your Domain or Hosting) can be confusing - so always check with your Domain and Hosting.
DMARC wont work properly if your SPF and DKIM aren't set up first.
So check - check - check.
Thank you so much, I didn't even know that this was a thing that was happening!
For those wondering, this needs to be done once per domain, even if you have multiple emails. The email you put in your DMARC is where you'll get your reports.
Also for those copy/pasting the code from the description, make sure to put "reject" or "quarantine" because in that bit he put the neutral "none" which is the worse option and won't protect you.
Glad it was helpful!
This has been on my “to-do” list for the past 2 months. Saw this video and no longer intimidated… thank you Imran!
Thanks. Always check with your domain and hosting providers
Thanks, Imran. You're my #1 go to guy for quick, action-oriented tips.
I was just going to look into DMARC, only recently heard about it. You've done it for me, cheers Imran! 👍😊
Always check with your Domain and Host Providers to be sure of what to add and where.
Also obtain any extra codes from your Newsletter services.
Thank you Imran, great topic!
I've been tweaking SPF, DMARC and DKIM for all my clients for the last 2 months.
I think it's really really important for the ecosystem, to prevent spoofing (this was my primary goal) and overall to improve the quality of mail (as a medium).
Thanks for sharing this important information Imran!
My pleasure
OMG thank you! I was hoping you would explain all this to us.
Make sure you check with your domain and hosting and with your newsletter services too
Just an example reinforcement
v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:report@yourdomain;ruf=mailto:failure@yourdomain
P → Policy for the domain
SP → Policy for subdomains
ADKIM and ASPF → Alignment "r" for relaxed, meaning passes if the domain is an exact match
PCT → Percentage of messages to which the DMARC policy is applied
FO → Failure options, "0" means a report is generated only if both SPF and DKIM checks fail
RF → Format of the failure report
RI → Reporting interval, "86400" is once per day
RUA → For sending aggregate reports, which provide an overview of message volume and authentication status
RUF → For sending failure reports, which provide details on specific messages that failed DMARC checks
Excellent
Great video mate. Level that up for sure with DMARC, DKIM and SPF. It doesn't guarantee your deliverability, but it needs to be done
It's one of those pains that makes me want to offload all legacy hosting clients asap as it removes the fun of web designing.
PS: Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
Thank you so much for this!
Glad it was helpful!
Very informative, going to log into my SiteGround account and do this now. Thank you!!
Woohoo! I get the first comment on a Web Squadron vid! I'm chuffed! 🤣
Boom!
Always check with your Domain and Host Providers to be sure of what to add and where.
Also obtain any extra codes from your Newsletter services.
Like you, I"m with SiteGround, they make it easy and their tech support folks are brilliant too.@@websquadron
Thank you so much, very helpful.
Doublecheck with your host and domain provider if unsure.
Awesome thanks for lettings us know about this. I am a little bit confused because you mentioned that reject is probably the best option and none is the worst but siteground article recommends to start with none and then gradually move to others.
Yup - go for none.
Reject is way too harsh.
It’s fine for me but to play safe go for none.
Thank you soooo much!
Always check with your Domain and Host Providers to be sure of what to add and where.
Also obtain any extra codes from your Newsletter services.
Thank you
very useful, thanks
Thank you i will check on this
Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
Thanks Imran for this video, if cloudflare is handling my Dns, do i need to add this on cloudflare as well ?
Best to check with them
@@websquadron Thanks 👍
do you have to do this with your hosting account and cloudflare account if you have one, i assume so.
It's tricky to be sure.
Always check with your Domain and Host Providers to be sure of what to add and where. Also obtain any extra codes from your Newsletter services.
And if my client doesn't want to receive those DMARC reports, should I remove their email address from the RUA tag at the end? Will it work without admin email at the end?
Add an alternate email address instead.
Imran, if you use several emails on a site such as a name@ or info@, do you need to set up a DMARC for all of them or just one of them?
Only for the main domain.
@@websquadron thank you so much from Greg Hyatt!
What do we do if we use several email addresses for newsletters?
Make sure you do it for the parent domain
Create tutorial on SPF and dkim
Wow. Struggling thru this now
It can be quite confusing because domains and hosting providers have different rules so always best to check.
i have a question if our site is cnnected to cloudflare then we add this record to cloudflare dns or not help me i am waiting
What did your host provider say?
Does this have to be done for sub domains as well?
Nope
it doesnt work in my case with siteground. I get the message invalid field. What am i doing wrong?
What exactly are you pasting?
And are you adding as a TXT field?
Where was the domain purchased?
I've replied three times but my replies won't come through. I can't see them here@@websquadron
ok, i tried many times to copy/paste the text I've used, but youtube won't let the comment appear. Is there an alternate method of displaying it to you?
What are you pasting?
Unfortunately, I am unable to paste it as it will be blocked.
@@websquadron v=DMARC1; p=reject; rua=mailto:
I tried to reply to your comment multiple times but my comments won't appear below.
I can see your comment now?
You're telling people that the 'p=none' option is the worst option, and that you use the reject option, however, open checking your records at the time of this comment, you are using 'p=none'. Any reason for this?
I recently switched to none.
Reject is fine unless you notice emails ending up in junk
do i have to add this for every email address i have on my domain?
Just for the parent domain.
If the emails are under different domains then yes.
@@websquadron i have 6 domains on my hosting each with 3 to 4 email address so i have to do it with 1 email addess from each domain. right?
Yes, for each email. If unsure check with your hosting.@@smnabeel
Always check with your Domain and Host Providers to be sure of what to add and where.
Also obtain any extra codes from your Newsletter services.
I know what you mean. The emailaddress that you have to fill in, in the record is just for reporting. It does not mean that this DNS dmarc setting is only applied to this email.
Mostly good info here, but a bit sloppy on where this is to be done. Clearly it’s a DNS change so it must be done in your domain’s active DNS zone - which is where your Name Servers point… which could be where your domain name is hosted/registered, or where your website is hosted, or neither.. perhaps Cloudflare.
That’s where it can get weird and some providers have differing views - thus best to check with your providers
Jesus fuck, justo go straight to the fucking point
Oh sorry for ruining your life.
Peter, the whole video is six and a half minute. If that's too long for your attention span, you need serious help. Also, the context in the beginning of the video was very helpful.
@@atlibjarna the information you need from this video has less than 60 seconds of the whole content. Everything else is waste of time. Maybe you like wasting your time. I don´t