Gmail, Yahoo, and Microsoft require businesses that send bulk email to authenticate their messages with DMARC. This article explains what DMARC is, why the major mailbox providers now require it, and how to add a DMARC record to your domain through your Hover control panel.
Why Gmail, Yahoo, and Microsoft Require DMARC
Gmail and Yahoo require bulk email senders to implement DMARC, and Microsoft enforces the same requirement for high-volume senders through Outlook and Microsoft 365. These requirements are now in effect and apply to any domain sending a meaningful volume of email, not just large marketing operations.
Note: If you run a small business and send email through your own domain — even in modest volumes — meeting these requirements protects your ability to reach customers' inboxes and helps prevent your address from being used to impersonate you.
What Is DMARC?
Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication, policy, and reporting protocol. It works together with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to tell receiving mail servers what to do when a message claiming to be from your domain fails authentication, and it reports those failures back to you. In short, DMARC helps protect your domain from being used in fraudulent or spoofed email.
Publishing a DMARC record also improves inbox placement. It signals to internet service providers that you follow established email standards, which reduces the chance of your legitimate emails being flagged as spam.
Before you begin
- Confirm SPF is set up. Your domain needs a valid SPF record before DMARC can pass. See Creating an SPF Record for instructions.
- Confirm DKIM is set up. DKIM authentication should also be configured for your domain. Since DKIM enablement on Hover is agent-assisted rather than self-serve, see Setting Up DKIM for Your Hover Email Domain to request it from Hover Support before continuing.
- Have access to your domain's DNS settings. You'll sign in to your Hover control panel to add the DMARC record.
What Your DMARC Record Needs to Include
To pass DMARC, your outgoing email needs to meet three requirements:
- Authenticate with SPF. Your domain publishes a valid SPF record.
- Authenticate with DKIM. Your domain signs outgoing mail with DKIM.
- Publish a DMARC TXT record. Your domain has a DMARC policy published in DNS.
Record type | Location | Example value |
|---|---|---|
SPF (TXT) | Root domain | v=spf1 include:_spf.hostedemail.com ~all — for the Hosted Email platform |
DMARC (TXT) | _dmarc subdomain | v=DMARC1; p=none; (minimum required) |
DMARC with reporting (TXT) | _dmarc subdomain | v=DMARC1; p=none; rua=mailto:username@example1.tld; ruf=mailto:username@example2.tld; fo=1 (suggested, so you receive stat data) |
Understanding the Tags in a DMARC Record
Tag | Value | What it means |
|---|---|---|
v | DMARC1 | The DMARC version, which should always be DMARC1. Note: An incorrect version tag causes the entire record to be ignored. |
p | none | The policy applied to emails that fail the DMARC check. Valid values are none, quarantine, or reject. None collects feedback and gives you visibility into your email streams without affecting delivery. |
rua | mailto:dmarc-username@example.com | The address(es) that receive aggregate XML feedback reports. |
ruf | mailto:dmarc-username@example.com | The address(es) that receive forensic failure reports. |
Step 1: Add the DMARC Record in Your Hover Control Panel
- Sign in to your Hover control panel using your chosen method of two-factor authentication.
- Click Domains and select your domain.
- Click DNS, then Add a record.
- Enter each record below in the text field, replacing username@example.com with your own email address, then click Save.
Host name | Value |
|---|---|
_dmarc | v=DMARC1; p=none; rua=mailto:username@example.com; ruf=mailto:username@example.com; fo=1 |
(leave blank) | v=spf1 include:_spf.hostedemail.com ~all |
Next steps
- Verify your SPF record is also in place. See Creating an SPF Record if you haven't added one yet.
- Confirm DKIM is enabled for your domain. See Setting Up DKIM for Your Hover Email Domain.
- Check your published record with a DMARC record checker, such as the DMARC Record Checker from Dmarcian.
- Read the provider announcements for more background: Yahoo's update on enforcing email standards, Google's Gmail protections announcement, Microsoft's requirements for high-volume senders, and Dmarcian's overview of the Gmail and Yahoo requirements.
Questions? Contact Hover Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.