Skip to main content

How to Configure DMARC Records for Your Domain

Updated this week

Introduction to DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an essential email authentication protocol that helps organizations protect their email domains from spoofing, phishing, and other fraudulent activities. By implementing DMARC records, you can enhance email security, improve deliverability, and safeguard your brand reputation.

Step-by-Step Guide to Setting Up DMARC Records

Step 1: Assess Your Email Infrastructure

Before configuring DMARC, assess your current email infrastructure and identify all legitimate senders and sources associated with your domain. This includes email service providers, marketing automation platforms, and any third-party email servers used to send emails on your behalf.

Step 2: Start with a Monitoring Policy

Begin by publishing a DMARC record with a monitoring (p=none) policy. This allows you to monitor email authentication results without impacting email delivery. To do this, follow these steps:

  1. Log in to your domain's DNS management console.

  2. Navigate to the DNS records section.

  3. Add a TXT record with the following information:

    1. Name/Host: _dmarc.yourdomain.com

    2. Value: v=DMARC1; p=none; rua=mailto:your@email.com; ruf=mailto:your@email.com;

    3. Replace yourdomain.com with your actual domain and your@email.com with the email address where you want to receive DMARC reports.

Step 3: Gradually Enforce Strict Policies

Once you've gained insights from monitoring DMARC reports and ensured that legitimate emails are passing authentication checks, you can gradually enforce stricter DMARC policies. Consider implementing policies such as quarantine (p=quarantine) or reject (p=reject) to instruct email receivers on how to handle emails that fail authentication.

Step 4: Use DMARC Alignment

Maximize the effectiveness of your DMARC policy by ensuring SPF and DKIM alignment. Make sure all outbound emails are properly authenticated using SPF and DKIM to align with the From: domain specified in the email header.

Step 5: Monitor and Analyze DMARC Reports

Regularly monitor and analyze DMARC reports to identify any issues or anomalies. Pay attention to the percentage of emails passing authentication, sources of failed authentication, and any unauthorized senders attempting to spoof your domain. Use this information to fine-tune your DMARC policy and improve email authentication practices.

Step 6: Collaborate with Third-party Senders

If your domain relies on third-party senders or vendors to send emails on your behalf, collaborate with them to ensure compliance with your DMARC policy. Encourage them to implement SPF and DKIM authentication for emails sent on your behalf and provide guidance on DMARC best practices.

Step 7: Maintain Ongoing Compliance and Security

Regularly review and update your DMARC policy to maintain compliance with industry standards and adapt to evolving email security threats. Stay informed about best practices for email authentication and security, and continuously educate your team members about the importance of DMARC and email security hygiene.

By following these steps, you can effectively configure DMARC records for your domain and enhance email security, protect your brand reputation, and improve email deliverability.


Understanding transactional email behavior with white label domains

When configuring a white label domain for your event communications, it's important to note that transactional emails, such as one-time passwords (OTPs), are intentionally sent from noreply@swapcard.com. This design choice helps protect the email reputation and ensures high deliverability rates for critical system messages.

While promotional and marketing emails can be sent from your configured white label domain, transactional emails remain under Swapcard's domain to maintain consistent authentication and avoid potential issues with email spoofing or phishing filters.


Addressing internal email filtering issues

In some cases, organizations may experience issues receiving transactional emails, especially when the sender and recipient share the same domain (e.g., user@yourdomain.com sending to anotheruser@yourdomain.com). Internal security systems, such as spam or phishing filters, might block or quarantine these messages, mistaking them for spoofed emails.

To mitigate this:

  • Whitelist Trusted Senders: Ensure that your IT department has whitelisted noreply@swapcard.com and any other trusted senders.

  • Review Spam Filters: Check your organization's spam and security filter settings to allow legitimate internal emails.

  • Authenticate Emails Properly: Ensure that SPF, DKIM, and DMARC records are correctly configured and aligned

By taking these steps, you can reduce the likelihood of legitimate transactional emails being blocked or marked as spam within your organization.


Properly configuring your DMARC records is a crucial step in protecting your domain from spoofing and ensuring email deliverability. While white label domains enhance branding for promotional emails, transactional messages like OTPs will continue to come from noreply@swapcard.com to maintain a high reputation and reliability.

If your internal users are not receiving these emails, it's essential to check your spam filter policies—especially for same-domain sender/receiver scenarios—to avoid false positives. Collaboration with your IT team can help ensure these critical emails reach their destination without interruption.

Did this answer your question?