How do I send DMARC reports to another domain?

When you set up your DMARC record and point your reporting to Agari, we need to create a rule in DNS that lets the reporters know we have allowed you to send your reporting information to us. This is called "External Verification". If these rules were not in place, the bad guys could create a DMARC record for a domain that points to a victim's email address, send a bunch of malicious emails that fail authentication, and then flood the victim's mailbox with unwanted reports. To set up external verification, a special TXT record must be created.

 

Example: 

Let's say I have the domain example.com. If I do a DMARC lookup for this domain I may find a different reporting address configured:

v=DMARC1; p=none; rua=mailto:dmarc_reports@examplereport.net

 

You can see that the domain example.com does not match examplereport.net. This means examplereport.net needs to publish a special TXT record at a specific location in the DNS. If example.com tells the DMARC reporters to send DMARC reports to the examplereport.net domain, the report senders will look for a TXT record at this location:

example.com._report._dmarc.examplereport.net

 

The answer to this query should be: v=DMARC1
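
The check described above, written out as an added example (not Agari's code): it parses a DMARC record, derives the external verification names a report sender would query, and flags destinations that have not published v=DMARC1. The function names and the dictionary standing in for DNS are assumptions; it compares domains by exact or subdomain match, a simplification of the organizational domain comparison.

```python
# Added example: derive and check DMARC external-verification TXT names.

def parse_tags(record):
    """Split 'v=DMARC1; p=none; rua=...' into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def report_hosts(record):
    """Yield the destination host of every mailto: URI in rua and ruf."""
    tags = parse_tags(record)
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip().split("!", 1)[0]  # drop optional size limit, e.g. !10m
            if uri.lower().startswith("mailto:") and "@" in uri:
                yield uri.rsplit("@", 1)[1].lower().rstrip(".")

def verification_names(policy_domain, record):
    """Names a report sender queries before mailing reports off-domain."""
    policy_domain = policy_domain.lower().rstrip(".")
    names = []
    for host in report_hosts(record):
        # Simplification (assumption): same host or a subdomain counts as
        # "matching"; a full check compares organizational domains.
        same = host == policy_domain or host.endswith("." + policy_domain)
        name = f"{policy_domain}._report._dmarc.{host}"
        if not same and name not in names:
            names.append(name)
    return names

def unauthorized(policy_domain, record, lookup_txt):
    """Return the names whose TXT answer does not start with v=DMARC1."""
    missing = []
    for name in verification_names(policy_domain, record):
        answers = lookup_txt(name)
        if not any(a.strip().startswith("v=DMARC1") for a in answers):
            missing.append(name)
    return missing

# Constructed stand-in for DNS, using the domains from the example above.
SAMPLE_ZONE = {"example.com._report._dmarc.examplereport.net": ["v=DMARC1"]}
RECORD = "v=DMARC1; p=none; rua=mailto:dmarc_reports@examplereport.net"

if __name__ == "__main__":
    print(verification_names("example.com", RECORD))
    print(unauthorized("example.com", RECORD, lambda n: SAMPLE_ZONE.get(n, [])))
```

To run it against live DNS, pass a lookup_txt function backed by your resolver of choice in place of the dictionary lookup.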

 

For further details and information, please review section 7.1 of the DMARC RFC. If you have questions or would like to discuss, please do not hesitate to reach out to support@agari.com.

 

 