DIY vs. Automated DMARC: Answering Your Questions

Did you miss our DIY vs. automated DMARC webinar? Check out the recap and the answers to some questions we received.
diy vs automated dmarc

Thank you to everyone who attended our DIY vs. automated DMARC webinar! We received a lot of great questions, but we were only able to answer some of them live. In this blog post, we’ll answer the questions that we didn’t get to!  

In case you missed our webinar, we discussed the differences between DIY vs. automated DMARC. There are many pitfalls and challenges associated with trying to get to DMARC enforcement on your own, and we covered how automated DMARC can help you avoid these challenges. 

If you’re interested in viewing the whole webinar, watch it here: 

 You can also read on to find the answer to some of the questions that we received. 

How do I use RUF, RUA, and SMTP TLS reports?

An aggregate report (RUA) and a forensic report (RUF) are important for DMARC. 

The RUA reports are the most important; you can find important information on your DMARC, DKIM, and SPF statuses. In the RUA report, you’ll be able to find important information, like: 

  • The domain
  •  Report’s date and time range
  •  Type of DMARC policy 
  •  Authentication information
  •  IP addresses

The RUF reports contain more data that may be sensitive, so healthcare, government, and financial industries may want to avoid enabling this type of reporting. We recommend only using RUA reports. 

SMTP TLS reports come from the Internet and warn you of any connection issues your servers might experience when connected to your email system. These reports allow you visibility into any expired certificates, unresponsive servers, mismatched certificates, and TLS connections. 

Does DMARC require me to establish an MX record and/or domain?

The mail exchange (MX) record is located in the Domain Name System (DNS). This record lists what mail server that accepts email messages on behalf of the domain name.  

To add a DMARC record, you’ll need to own the domain. Once you own the domain, you’ll need to add the DMARC record in your DNS, so technically, you should have an MX record. 

However, if you’re using Valimail Monitor, all you need to do is create a DMARC record and point that to Valimail. 

how valimail helps with dmarc

Does BIMI work without a Verified Mark Certificate (VMC)?

Currently, you do need to have a VMC for BIMI to work. 

In addition to a VMC, you’ll also need to ensure your brand’s domain is at DMARC enforcement. Your DMARC policy must be at either “p=quarantine” or “p=reject.” A policy of “p=none” will not be enough to satisfy BIMI standards

Lastly, you need to maintain your domain’s BIMI record in your DNS.

Can I track down the contents or subject line of an email that DMARC blocked?

If your DMARC policy is set to p=reject, you won’t be able to see your email’s contents or subject line. This is due to personal identifiable information (PII) privacy concerns. 

However, if you want to learn more about this, contact our sales team

Should an SPF record have IP addresses if you’re only sending from Office 365?

It is better to use Microsoft’s provided include statement and add it to your SPF record. For example, you would use this: 

include:spf.protection.outlook.com 

We also highly recommend that you enable DKIM for Office 365. You can find more information on that on our support portal. 

My company manages emails for other companies. Should we add them all to the same account or keep them separate?

In most cases, adding all the controlled domains to one account is easier. 

However, MSPs may want to have separate accounts for each client. 

Start using automated DMARC today

These are only a few questions someone might have while trying to get to DMARC enforcement alone. We know it can be challenging, so we make the process as simple as possible. 

Take the first step towards automating your DMARC enforcement by signing up for a free account on Valimail Monitor. On this platform, you’ll see who’s sending mail under your domain’s name and monitor your DMARC enforcement status. 

Once you have that visibility, we can help you take the next steps toward DMARC enforcement.

Get started for free
with Monitor

Start your path to DMARC enforcement with a panoramic view of the traffic being sent on your behalf.
No trial offers, credit cards, or obligations.

Explore all Valimail
has to offer

Go one step further than visibility…Take action! Reach DMARC enforcement faster. Stay compliant with evolving sender requirements. All while protecting your brand.

Phishing and BEC protection starts with your domain — verify your DMARC status with the Valimail Domain Checker.