Configure DMARC for your domain—Enhanced email delivery service

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol. It helps domain owners protect their domains from unauthorized use, commonly known as email spoofing.

DMARC works with DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). After adding DMARC to your domain's DNS, any receiving email server can authenticate incoming emails based on the instructions you provided in DMARC. These instructions can include accepting, quarantining, or rejecting emails that fail authentication checks.

Intacct highly recommends that you configure the DMARC for your domain. However, not all receiving servers will perform a DMARC check before accepting a message, but most major ISPs do.

For more information about DMARC, go to https://dmarc.org/overview/.

Subscription Administration
Regional availability

All regions

User type Business user with admin privileges
Permissions Company info: View and Edit

DMARC settings

To configure DMARC, you add a TXT record to your DNS domain.

You do not configure DMARC in Intacct.
DNS attribute Value
DNS key _dmarc.YourDomain.com
DNS type TXT
DNS value v=DMARC1; p=none; rua=<mailto:sample.user@email.com>; ruf=mailto:sample.user@ email.com; pct=100;

In the DNS value above, replace the rua and ruf with the email that you want to receive information.

DMARC format and structure details

The following is an example of a DMARC key:

v=DMARC1; p=none; rua=mailto:sample.user@email.com; ruf=mailto:sample.user@ email.com; pct=100;

Each element is defined in the following table.

DNS Element Definition

v=DMARC1

The beginning of the key specifies that this TXT entry is a DMARC key.

p=none

p= specifies what the receiver server will do if the email coming from your domain did not pass the security check.

There are 3 possible values for p:

  • p=none: This value instructs the receiver not to perform any actions against unqualified mail.

    You will still get reports about the email to address any infractions.

  • p=quarantine: This value tells the receiver to isolate unqualified emails, typically to the spam folder;

  • p=reject: This value tells the receiver to deny all unqualified emails.

rua=mailto:sample.user@email.com

This element specifies the email address to which aggregate reports of DMARC failure will be sent. These reports contain high-level, nongranular information on DMARC failures, and get sent daily to the domain administrator holding the DMARC record.

ruf=mailto:sample.user@domain.com

This element specifies the email address to which forensic reports of DMARC failure will be sent. These forensic reports contain details concerning each failure and get sent in real time to the domain administrator that owns the DMARC record.

Unlike with the rua sample, the mail to email address must be from the published the DMARC record.

pct=100

This element tells the receiving server how much incoming mail must conform to the DMARC policy’s specifications as a percentage value from 1-100. If it is 100, all emails will be validated against the DMARC policy and rejected if they do not pass.

For more information about DMARC, go to https://dmarc.org/overview/.